A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables via crafted requests.

Related CVEs

CVE-2021-42760

Key Information

GHSA ID

GHSA-94p6-v23w-67wg

Published

December 9, 2021 12:01 AM

Last Modified

December 10, 2021 12:01 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 11, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.