Command injection

2023-10-1017:15:00

PRIOn knowledge base

www.prio-n.com

fortinet fortiwlm

command injection

os command

unauthorized code execution

http request parameters

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.7%

JSON

A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.

CPENameOperatorVersion
fortiwlmge8.6.0
fortiwlmle8.6.5
fortiwlmge8.5.0
fortiwlmle8.5.4

Name	Operator	Version
fortiwlm	ge	8.6.0
fortiwlm	le	8.6.5
fortiwlm	ge	8.5.0
fortiwlm	le	8.5.4

References

fortiguard.com/psirt/FG-IR-23-141