CNNVD-202507-1007 Information
CNNVD ID
CNNVD-202507-1007
Related CVE
- CNNVD Published: 2025-07-08
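Description (translated from Chinese)
Fortinet FortiManager and the related products named here are all products of the US company Fortinet. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiManager VM is a centralized network security management platform for virtual machines. Multiple Fortinet products contain an SQL injection vulnerability. It stems from improper neutralization of special elements in SQL commands and may allow a high-privileged authenticated attacker to extract database information via specially crafted requests. The following products and versions are affected: FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, all versions of 7.2, all versions of 7.0, and all versions of 6.4; FortiManager Cloud 7.4.1 through 7.4.6, all versions of 7.2, all versions of 7.0, and all versions of 6.4; FortiAnalyzer 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, all versions of 7.2, all versions of 7.0, and all versions of 6.4; and FortiAnalyzer Cloud 7.4.1 through 7.4.6, all versions of 7.2, all versions of 7.0, and all versions of 6.4.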
Description (English)
Fortinet FortiManager and others are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized cybersecurity reporting solution. Fortinet FortiManager VM is a centralized network security management platform for virtual machines. Multiple Fortinet products have an SQL injection vulnerability, which stems from improper neutralization of special elements in an SQL command and may allow an authenticated, high-privileged attacker to extract database information via specially crafted requests. The following products and versions are affected: FortiManager versions 7.6.0 to 7.6.1, 7.4.0 to 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Cloud versions 7.4.1 to 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiAnalyzer versions 7.6.0 to 7.6.1, 7.4.0 to 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; and FortiAnalyzer Cloud versions 7.4.1 to 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions.
Hazard Level
Critical
Vulnerability Type
SQL injection
Affected Vendor
Fortra
Published
2025-07-08
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-24-437
https://access.redhat.com/security/cve/cve-2025-24474
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-24-437