CNNVD-202602-1042 Information
CNNVD ID
CNNVD-202602-1042
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
Fortinet FortiClientEMS是美国飞塔(Fortinet)公司的Fortinet提供的端点管理解决方案的一部分,旨在帮助组织有效地管理其网络中的终端设备,并提供端点安全性的监控和控制。 Fortinet FortiClientEMS 7.4.4版本存在SQL注入漏洞,该漏洞源于SQL命令中特殊元素中和不当,可能导致未经身份验证的攻击者通过特制HTTP请求执行未授权代码或命令。
Description (English)
Fortinet FortiClitems is part of the end-point management solution provided by Fortinet, Inc., to help the organization effectively manage the terminal equipment in its network and provide end-point security monitoring and control. Fortinet FortiClitems version 7.4.4 contains an injection loophole in SQL, which stems from the inaccuracy of the special elements in the SQL order and may result in an unauthorized attacker requesting enforcement of an unauthorized code or order through a specially designed HTTP.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
飞塔
Published
2026-02-06
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-1142