FortiWeb - OS command injection in Web GUI

2023-02-1600:00:00

FortiGuard Labs

www.fortiguard.com

os command injection

cwe-78

fortiweb

web gui

security vulnerability

arbitrary shell code

http requests

root user

0.001 Low

EPSS

Percentile

46.4%

JSON

An improper neutralization of special elements used in an os command (‘OS Command Injection’) [CWE-78] in FortiWeb may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests.

CPENameOperatorVersion
fortiwebeq7.0.1
fortiwebeq7.0.0
fortiwebeq6.4.3
fortiwebeq6.4.2
fortiwebeq6.4.1
fortiwebeq6.4.0
fortiwebeq6.3.9
fortiwebeq6.3.8
fortiwebeq6.3.7
fortiwebeq6.3.6

Name	Operator	Version
fortiweb	eq	7.0.1
fortiweb	eq	7.0.0
fortiweb	eq	6.4.3
fortiweb	eq	6.4.2
fortiweb	eq	6.4.1
fortiweb	eq	6.4.0
fortiweb	eq	6.3.9
fortiweb	eq	6.3.8
fortiweb	eq	6.3.7
fortiweb	eq	6.3.6

Rows per page:

1-10 of 261

0.001 Low

EPSS

Percentile

46.4%

JSON

Related for FG-IR-22-163