Lucene search
China National Vulnerability DatabaseCNVD-2023-18293HistoryMar 01, 2023 - 12:00 a.m.
Fortinet FortiWeb Path Traversal Vulnerability (CNVD-2023-18293)
2023-03-0100:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
fortinet fortiweb
path traversal
firewall
cross-site scripting
sql injection
authentication
http get
0.001 Low
EPSS
Percentile
39.7%
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A path traversal vulnerability exists that could be exploited by an authenticated attacker to gain unauthorized access to files and data via a specially crafted HTTP GET request.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fortinet fortiweb | eq | 6.4 | |
| fortinet fortiweb >=7.0.0, | le | 7.0.1 | |
| fortinet fortiweb >=6.3.6, | le | 6.3.18 |
Related
nvd
nvd
CVE-2022-30300
2023-02-16 19:15:12
cvelist
cvelist
CVE-2022-30300
2023-02-16 18:05:25
nessus
nessus
Fortinet FortiWeb - Path traversal in API handler (FG-IR-22-136)
2024-05-22 00:00:00
fortinet
fortinet
FortiWeb - Path traversal in API handler
2023-02-16 00:00:00
cve
cve
CVE-2022-30300
2023-02-16 19:15:12
prion
prion
Path traversal
2023-02-16 19:15:00