CVE-2025-24474 Information

Jul 09, 2025 cve

Description

An Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1 7.4.0 through 7.4.6 7.2 all versions 7.0 all versions 6.4 all versions; FortiManager Cloud 7.4.1 through 7.4.6 7.2 all versions 7.0 all versions 6.4 all versions; FortiAnalyzer 7.6.0 through 7.6.1 7.4.0 through 7.4.6 7.2 all versions 7.0 all versions 6.4 all versions; and FortiAnalyzer Cloud 7.4.1 through 7.4.6 7.2 all versions 7.0 all versions 6.4 all versions may allow an authenticated attacker with high privilege to extract database information via crafted requests.

Reference

https://fortiguard.fortinet.com/psirt/FG-IR-24-437

CNNVD-202507-1007 (Published: 2025-07-08)

Share on:

CVE-2025-24474 Information

Description

Reference

Related CNNVD