First published: Tue Nov 14 2023
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiWLM versions 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.4.0 through 8.4.2, 8.3.0 through 8.3.2, and 8.2.2 allows an attacker to execute unauthorized code or commands via a crafted HTTP request.
CVE-2023-34991 is a vulnerability that allows an attacker to execute unauthorized code or commands via a crafted HTTP request due to improper neutralization of special elements used in an SQL command (SQL injection) in Fortinet FortiWLM.
Fortinet FortiWLM versions 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.4.0 through 8.4.2, 8.3.0 through 8.3.2, and 8.2.2 are affected by CVE-2023-34991.
CVE-2023-34991 has a severity rating of 9.3 (critical).
An attacker can exploit CVE-2023-34991 by sending a crafted HTTP request containing malicious SQL commands.
It is recommended to update Fortinet FortiWLM to a version that has addressed the vulnerability.