Unrated severityNVD Advisory· Published May 11, 2022· Updated Oct 25, 2024
CVE-2022-26116
CVE-2022-26116
Description
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.
Affected products
2- Range: <= 8.3.7, <= 8.5.2, 8.5.4, 8.6.0, <= 8.6.5, <= 8.7.6, <= 8.8.11, <= 9.1.5, <= 9.2.2
Patches
Vulnerability mechanics
References
1- fortiguard.com/psirt/FG-IR-22-062mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.