CNNVD-202507-2313 Information
CNNVD ID
CNNVD-202507-2313
Related CVE
- CNNVD Published: 2025-07-17
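Description (translated from Chinese)
Fortinet FortiWeb is a web application firewall from Fortinet, a US company. It blocks threats such as cross-site scripting, SQL injection, cookie poisoning, and schema poisoning, securing web applications and protecting sensitive database content. Fortinet FortiWeb 7.6.3 and earlier, 7.4.7 and earlier, 7.2.10 and earlier, and versions before 7.0.10 contain an SQL injection vulnerability. The vulnerability stems from improper neutralization of special elements in SQL commands and may lead to SQL injection attacks.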
Description (English)
Fortinet FortiWeb is a web application firewall from the US company Fortinet. It blocks attacks such as cross-site scripting, SQL injection, cookie poisoning, and schema poisoning, keeping web applications secure and protecting sensitive database content. Fortinet FortiWeb versions 7.6.3 and earlier, 7.4.7 and earlier, 7.2.10 and earlier, and versions before 7.0.10 contain an SQL injection vulnerability, which stems from improper neutralization of special elements used in an SQL command and may lead to an SQL injection attack.
Hazard Level
Low
Vulnerability Type
SQL injection
Affected Vendor
Fortinet
Published
2025-07-17
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-151
https://github.com/0xbigshaq/CVE-2025-25257
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-25257
https://access.redhat.com/security/cve/cve-2025-25257
https://www.exploit-db.com/exploits/52473
Patch
https://www.fortinet.com/products/web-application-firewall/fortiweb