Attackers Exploiting FortiClient EMS SQLi Flaw in the Wild
CVE-2026-21643 exploitation began March 26, six weeks after Fortinet's patch. Around 1,000 internet-exposed EMS instances remain vulnerable to unauthenticated RCE.
5 articles tagged with "SQL Injection"
Fortinet's March 2026 security advisory addresses 11 vulnerabilities including auth bypass, SQL injection, and buffer overflow flaws affecting enterprise management products.
WordPress plugin wpForo 2.4.14 contains unauthenticated SQL injection, PHP object injection, and multiple authorization bypass flaws. Over 80,000 sites at risk.
CVE-2026-21643 allows unauthenticated attackers to chain SQL injection with command execution in FortiClient EMS. CVSS 9.8 affects version 7.4.4—upgrade to 7.4.5 immediately.
January 2026 Patch Day addresses 17 flaws including four HotNews vulnerabilities. CVE-2026-0501 allows authenticated attackers to compromise S/4HANA financial systems.