CVE-2023-37931

High CVSS 8.8

Overview

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack via sending crafted HTTP or HTTPS requests

CWE: CWE-89 Published: 2025-01-14T14:15:26.623

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.8 (HIGH)
Detected tags: blind_sql, sql (tag impact: MODERATE)

Recommended actions:

Use parameterized queries and sensible timeouts; minimize error details.
Use parameterized queries/ORM (avoid string concatenation).
Add WAF rules and input validation.

Overview

Recommended tools

Tags