An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized cod

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Affected Products

Vendor	Product	Versions
fortinet	forticlientems	< 7.4.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-1142(Vendor Advisory)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-89

Published2/6/2026

Last enriched10h ago

Trending Score0

Source articles0

Independent0

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 100%