PSIRT Advisories
FortiNAC - SQL Injection
Summary
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.
Affected Products
FortiNAC version 8.3.7FortiNAC version 8.5.0 through 8.5.2
FortiNAC version 8.5.4
FortiNAC version 8.6.0
FortiNAC version 8.6.2 through 8.6.5
FortiNAC version 8.7.0 through 8.7.6
FortiNAC version 8.8.0 through 8.8.11
FortiNAC version 9.1.0 through 9.1.5
FortiNAC version 9.2.0 through 9.2.2
Solutions
Upgrade to FortiNAC version 10.0.0 or above,
Upgrade to FortiNAC version 9.4.0 or above,
Upgrade to FortiNAC version 9.2.3 or above,
Upgrade to FortiNAC version 9.1.6 or above,