CVSSv3 Score:
9.1
An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.This has been observed to be exploited in the wild.
Revised on 2026-02-06 00:00:00
