CVE-2024-55593: A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows...

2.6 CVSS

Description

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries

Classification

CVE ID: CVE-2024-55593

CVSS Base Severity: LOW

CVSS Base Score: 2.6

Affected Products

Vendor: Fortinet

Product: FortiWeb

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 16.23% (scored less or equal to compared to others)

EPSS Date: 2025-02-12 (when was this score calculated)

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-465

Timeline

2025-01-15 00:30:32 UTC
CVE

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows...