CVE-2020-29015

CVSS Severity Score: 9.8 (CRITICAL)
EPSS Score: 0.0280%
EPSS Percentile: 23.37th
Published: Jan 14, 2021
Last Modified: Nov 21, 2024

Vulnerability Description

A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.

Affected Platforms (CPE)

Fortinet Fortiweb: < 6.2.4
Fortinet Fortiweb: >= 6.3.0 and <= 6.3.7
