CVE-2022-26116

CVE Database · CVE-2022-26116

CVE-2022-26116

· HIGHModified

CVSS v3.1

7.2

EPSS

0.76%

Published

May 11, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-89

Affected Products (9)

fortinet · fortinacvulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-22-062

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-062

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs