CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-35275: A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2,...

6.5 CVSS

Description

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.

Classification

CVE ID: CVE-2024-35275

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

Affected Products

Vendor: Fortinet

Product: FortiManager

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 21.55% (scored less or equal to compared to others)

EPSS Date: 2025-02-12 (when was this score calculated)

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-091

Timeline

2025-01-15 00:30:25 UTC
CVE

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2,...