An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in the FortiWeb delete log filter component may allow a privileged attacker to execute SQL commands over the log database via specifically crafted string parameters.
FortiWeb version 6.2.3 through 6.2.7
FortiWeb version 6.3.0 through 6.3.18
FortiWeb version 6.4.0 through 6.4.2
FortiWeb version 7.0.0 through 7.0.1
Upgrade to FortiWeb version 7.0.2 or above.