2024-03-13
Fortinet Fixes Critical SQL Injection Flaw
Fortinet has released a fix for a critical vulnerability in the DB2 Administration Server (DAS) component of its FortiClient Enterprise Management Server (EMS) software. The flaw, an improper neutralization of special elements in an SQL command, can be exploited to execute unauthorized code.
Editor's Note
This has not been a good week for Fortinet. A PoC for this vulnerability is expected in the next few days. You must patch now! Vulnerability research firm Horizon3 released a PoC for some vulnerabilities in Fortinet's wireless management product. These vulnerabilities have not been patched yet.
Johannes Ullrich
The flaw affects FortiClient EMS versions 7.0 (7.0.1 through 7.0.10) and 7.2 (7.2.0 through 7.2.2), so you’re going to want to apply the updates, ideally this week.
Lee Neely
Read more in
Bleeping Computer: Fortinet warns of critical RCE bug in endpoint management software