Command injection

2023-10-1017:15:00

PRIOn knowledge base

www.prio-n.com

command injection

fortinet fortiwlm

unauthorized code execution

http get request

security vulnerability

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.7%

JSON

A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.

CPENameOperatorVersion
fortiwlmge8.6.0
fortiwlmle8.6.5
fortiwlmge8.5.0
fortiwlmle8.5.4

Name	Operator	Version
fortiwlm	ge	8.6.0
fortiwlm	le	8.6.5
fortiwlm	ge	8.5.0
fortiwlm	le	8.5.4

References

fortiguard.com/psirt/FG-IR-23-141