FortiWeb SQLi exploited post-PoC, urgent patch needed.

On July 11, threat actors began exploiting a critical SQL injection flaw in Fortinet FortiWeb immediately after proof-of-concept code was published, leading to webshells on dozens of devices. The vulnerability in Fabric Connector endpoints lets unauthenticated attackers inject SQL via crafted Authorization headers, write malicious Python files, and achieve remote code execution. Fortinet released patches on July 8 for FortiWeb versions 7.6.4, 7.4.8, 7.2.11, and 7.0.11; administrators unable to patch immediately should disable the HTTP/HTTPS administrative interface. With over 20,000 internet-accessible FortiWeb appliances at risk, urgent updates are essential to halt ongoing compromises.

Read more:

https://www.securityweek.com/fortinet-fortiweb-flaw-exploited-in-the-wild-after-poc-publication/