CVE-2022-29059

Low CVSS 2.7

Overview

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands over the log database via specifically crafted strings parameters.

CWE: CWE-89 Published: 2025-03-14T16:15:27.027

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 2.7 (LOW)
Detected tags: sql (tag impact: MODERATE)

Recommended actions:

Use parameterized queries/ORM (avoid string concatenation).
Add WAF rules and input validation.

Overview

Recommended tools

Tags