A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.

Related CVEs

CVE-2024-35275

Key Information

GHSA ID

GHSA-rp6x-j4c5-4rvc

Published

January 14, 2025 3:30 PM

Last Modified

January 14, 2025 3:30 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 11, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.