CVEDB API

Vulnerabilities

Vulnerable Software

Fortinet: >> Fortianalyzer Big Data >> 7.2.9 Security Vulnerabilities

CVE-2025-49784

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests.

CVSS Score

6.0

EPSS Score

0.0

Published

2026-03-10

CVE-2024-35274

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests.

CVSS Score

2.3

EPSS Score

0.001

Published

2024-11-12

Page 1

Vulnerabilities

Vulnerable Software

Fortinet: >> Fortianalyzer Big Data >> 7.2.9 Security Vulnerabilities

Products

Pricing

Contact Us