SQL Injection in delete filter component

SQL Injection in delete filter component Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-140 Final 1 1 2022-09-06T00:00:00 Current version 2022-09-06T00:00:00 2022-09-06T00:00:00 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb delete log filter component may allow a privileged attacker to execute SQL commands over the log database via specifically crafted strings parameters. None Execute unauthorized code or commands At leastFortiWeb version 7.0.0 through 7.0.1FortiWeb 6.4 all versionsFortiWeb 6.3 all versionsFortiWeb version 6.2.3 through 6.2.8FortiWeb 6.1 all versions are not affectedFortiWeb 6.0 all versions are not affectedFortiWeb 5.9 all versions are not affected Upgrade to FortiWeb version 7.0.2 or above. Internally discovered and reported by Giulia Clerici of the Fortinet Product Security team. FortiWeb 7.0.1 FortiWeb 7.0.0 FortiWeb 6.4.3 FortiWeb 6.4.2 FortiWeb 6.4.1 FortiWeb 6.4.0 FortiWeb 6.3.23 FortiWeb 6.3.22 FortiWeb 6.3.21 FortiWeb 6.3.20 FortiWeb 6.3.19 FortiWeb 6.3.18 FortiWeb 6.3.17 FortiWeb 6.3.16 FortiWeb 6.3.15 FortiWeb 6.3.14 FortiWeb 6.3.13 FortiWeb 6.3.12 FortiWeb 6.3.11 FortiWeb 6.3.10 FortiWeb 6.3.9 FortiWeb 6.3.8 FortiWeb 6.3.7 FortiWeb 6.3.6 FortiWeb 6.3.5 FortiWeb 6.3.4 FortiWeb 6.3.3 FortiWeb 6.3.2 FortiWeb 6.3.1 FortiWeb 6.3.0 FortiWeb 6.2.8 FortiWeb 6.2.7 FortiWeb 6.2.6 FortiWeb 6.2.5 FortiWeb 6.2.4 FortiWeb 6.2.3 SQL Injection in delete filter component CVE-2022-29059 FortiWeb-7.0.1 FortiWeb-7.0.0 FortiWeb-6.4.3 FortiWeb-6.4.2 FortiWeb-6.4.1 FortiWeb-6.4.0 FortiWeb-6.3.23 FortiWeb-6.3.22 FortiWeb-6.3.21 FortiWeb-6.3.20 FortiWeb-6.3.19 FortiWeb-6.3.18 FortiWeb-6.3.17 FortiWeb-6.3.16 FortiWeb-6.3.15 FortiWeb-6.3.14 FortiWeb-6.3.13 FortiWeb-6.3.12 FortiWeb-6.3.11 FortiWeb-6.3.10 FortiWeb-6.3.9 FortiWeb-6.3.8 FortiWeb-6.3.7 FortiWeb-6.3.6 FortiWeb-6.3.5 FortiWeb-6.3.4 FortiWeb-6.3.3 FortiWeb-6.3.2 FortiWeb-6.3.1 FortiWeb-6.3.0 FortiWeb-6.2.8 FortiWeb-6.2.7 FortiWeb-6.2.6 FortiWeb-6.2.5 FortiWeb-6.2.4 FortiWeb-6.2.3 2.6 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-140 SQL Injection in delete filter component Reference>