CVE-2021-42760: SQL Injection
First published: Wed Dec 08 2021(Updated: )
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables via crafted requests.
Credit: psirt@fortinet.com psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiWLM | <=8.6.1 | |
| <=8.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-42760?
The severity of CVE-2021-42760 is high.
What is the vulnerability type of CVE-2021-42760?
The vulnerability type of CVE-2021-42760 is SQL injection.
Which software version is affected by CVE-2021-42760?
Fortinet FortiWLM version 8.6.1 and below are affected by CVE-2021-42760.
How can an attacker exploit CVE-2021-42760?
An attacker can exploit CVE-2021-42760 by sending crafted requests that include SQL injection payloads, allowing them to disclose sensitive information from the database tables.
Is there a fix or patch available for CVE-2021-42760?
It is recommended to update Fortinet FortiWLM to a version that is not affected by CVE-2021-42760 or apply the necessary security patches provided by Fortinet.
- collector/nvd-index
- agent/type
- agent/references
- agent/remedy
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/fortinet
- canonical/fortinet fortiwlm
- version/fortinet fortiwlm/8.6.1