Command injection

2023-12-1307:15:00

PRIOn knowledge base

www.prio-n.com

fortinet

command injection

os command

unauthorized code execution

http request

7.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

19.8%

JSON

A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters

CPENameOperatorVersion
fortiwlmge8.6.0
fortiwlmle8.6.5

CPE	Name	Operator	Version
	fortiwlm	ge	8.6.0
	fortiwlm	le	8.6.5

References

fortiguard.com/psirt/FG-IR-23-450