Fortinet: >> Fortiweb >> 7.6.1 Security Vulnerabilities
An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests.
CVSS Score
6.2
EPSS Score
0.002
Published
2025-04-08
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries
CVSS Score
2.7
EPSS Score
0.002
Published
2025-01-14
Page 3