CVE-2022-33875

MEDIUM

Fortinet FortiADC <7.1.0 - SQL Injection

Title source: llm
STIX 2.1

Description

An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

References (1)

Core 1
Core References

Scores

CVSS v3 5.4
EPSS 0.0082
EPSS Percentile 74.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (5)
fortinet/fortiadc 7.0.0
fortinet/fortiadc 7.0.1
fortinet/fortiadc 7.0.2
fortinet/fortiadc 7.1.0
fortinet/fortiadc 5.2.0 - 6.2.4
Published Dec 06, 2022
Tracked Since Feb 18, 2026