CNNVD-202601-2150 Information
CNNVD ID
CNNVD-202601-2150
Related CVE
- CNNVD Published: 2026-01-13
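Description (translated from Chinese)
Fortinet FortiClientEMS is part of the endpoint management solution provided by Fortinet, a US company, designed to help organizations effectively manage the endpoint devices on their networks and to provide monitoring and control of endpoint security. Fortinet FortiClientEMS versions 7.4.3 through 7.4.4, 7.4.0 through 7.4.1, 7.2.0 through 7.2.10, and all 7.0 versions contain a SQL injection vulnerability. The vulnerability stems from improper neutralization of special elements and may allow an authenticated attacker to execute unauthorized SQL code or commands via specially crafted HTTP or HTTPS requests.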
Description (English)
Fortinet FortiClientEMS is part of the endpoint management solution provided by Fortinet, Inc. It helps organizations manage the endpoint devices in their networks and provides endpoint security monitoring and control. Fortinet FortiClientEMS 7.4.3 to 7.4.4, 7.4.0 to 7.4.1, 7.2.0 to 7.2.10 and all 7.0 versions have a SQL injection vulnerability that originates in improper neutralization of special elements and may allow an authenticated attacker to execute unauthorized SQL code or commands through specially crafted HTTP or HTTPS requests.
Hazard Level
High
Vulnerability Type
SQL injection
Affected Vendor
Fortinet
Published
2026-01-13
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-735
https://access.redhat.com/security/cve/cve-2025-59922
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-25-735