exploitDog

GHSA-r6vr-hwpr-qqch

Опубликовано: 06 фев. 2026

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Ссылки

EPSS

Процентиль: 98%

0.62516

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2026-21643

CVSS3: 9.8

nvd

3 месяца назад

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

BDU:2026-01492

CVSS3: 9.8

fstec

3 месяца назад

Уязвимость веб-интерфейса сервера для управления программами Fortinet FortiClient Enterprise Management Server (EMS), позволяющая нарушителю выполнять произвольные команды

EPSS

Процентиль: 98%

0.62516

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89