CVE-2025-49784

HIGH WAF: High

CVSS 7.2 Published: 2026-03-10

CWE-89

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests.

WAF Coverage Analysis

SQL Injection High WAF Coverage

OWASP: A03:2021 Injection

942xxx - SQL Injection

Affected Software

Vendor	Product	Version
fortinet	fortianalyzer	6.4.0 - 7.4.8
fortinet	fortianalyzer	7.6.0 - 7.6.5
fortinet	fortianalyzer_big_data	6.2.1 - 7.4.5
fortinet	fortianalyzer_big_data	7.6.0

References

fortiguard.fortinet.com (Vendor Advisory)

Back to CVE Database