An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiRecorder and FortiWeb may allow an authenticated user to read arbitrary files via specially crafted command arguments.