← back
CVE-2023-34991

CVE-2023-34991

CVSS 9.3 CRITICALEPSS 28.8%CWE-89
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X
Affected products
Fortinet · FortiWLM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.com/psirt/FG-IR-23-142