SQL Injection Vulnerability in Fortinet FortiWLM Version 8.6.1 and Below: Disclosure of Device, Users, and Database Information via Crafted HTTP Requests

SQL Injection Vulnerability in Fortinet FortiWLM Version 8.6.1 and Below: Disclosure of Device, Users, and Database Information via Crafted HTTP Requests

CVE-2021-36184 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests.

Learn more about our Cis Benchmark Audit For Fortinet.