Path traversal

2023-02-1619:15:00

PRIOn knowledge base

www.prio-n.com

path traversal

fortiweb 7.0.0

fortiweb 7.0.1

fortiweb 6.3.0

fortiweb 6.3.19

fortiweb 6.4

fortiweb 6.2

fortiweb 6.1

fortiweb 6.0

authenticated attacker

file retrieval

file system

web requests

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.5%

JSON

A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests.

CPENameOperatorVersion
fortiwebeq6.4.0
fortiwebeq6.4.1
fortiwebeq6.4.2
fortiwebeq7.0.0
fortiwebeq7.0.1
fortiwebge6.0.0
fortiweble6.0.8
fortiwebge6.1.0
fortiweble6.1.3
fortiwebge6.2.0

Name	Operator	Version
fortiweb	eq	6.4.0
fortiweb	eq	6.4.1
fortiweb	eq	6.4.2
fortiweb	eq	7.0.0
fortiweb	eq	7.0.1
fortiweb	ge	6.0.0
fortiweb	le	6.0.8
fortiweb	ge	6.1.0
fortiweb	le	6.1.3
fortiweb	ge	6.2.0