Lucene search
China National Vulnerability DatabaseCNVD-2023-18295HistoryMar 01, 2023 - 12:00 a.m.
Fortinet FortiWeb Formatting String Error Vulnerability
2023-03-0100:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
fortinet
web application firewall
cross-site scripting
sql injection
command parameters
formatted string error
sensitive database content
attack
0.0004 Low
EPSS
Percentile
5.2%
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A formatted string error vulnerability exists that could be exploited by an attacker to execute unauthorized code or commands via specially crafted command parameters.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fortinet fortiweb | eq | 6.4 | |
| fortinet fortiweb >=7.0.0, | le | 7.0.1 |
Related
prion
prion
Format string
2023-02-16 19:15:00
cve
cve
CVE-2023-23783
2023-02-16 19:15:14
nessus
nessus
Fortinet FortiWeb - format string vulnerability in the CLI (FG-IR-22-187)
2024-05-22 00:00:00
nvd
nvd
CVE-2023-23783
2023-02-16 19:15:14
cvelist
cvelist
CVE-2023-23783
2023-02-16 18:05:55
fortinet
fortinet
FortiWeb - format string vulnerability in the CLI
2023-02-16 00:00:00