Vulnerabilities > Fortinet > Fortiap > High

DATE CVE VULNERABILITY TITLE RISK
2022-09-06 CVE-2022-29058 SQL Injection vulnerability in Fortinet products
An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
local
low complexity
fortinet CWE-89
7.8
2021-07-09 CVE-2021-26106 OS Command Injection vulnerability in Fortinet Fortiap, Fortiap-S and Fortiap-W2
An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments.
local
low complexity
fortinet CWE-78
7.8