6 matches found
CVE-2025-66178
A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated...
Exploit for Relative Path Traversal in Fortinet Fortiweb
CVE-2025-64446 - FortiWeb Authentication Bypass Exploit De...
Fortinet FortiWeb OS command injection in Web GUI (FG-IR-22-163)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-163 advisory. - An improper neutralization of special elements used in an os command 'OS Command Injection' CWE-78 in FortiWeb 7.0.0 through...
PT-2023-14407 · Fortinet · Fortiadc +1
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 7.0.0 through 7.0.3 FortiADC versions 7.1.0 through 7.1.1 FortiADC versions 7.0.0 through 7.0.3 FortiADC 6.2 all versions FortiADC 6.1 all versions FortiADC 6.0 all versions FortiADC 5.4 all versions FortiADC 5.3 all version...
CVE-2022-40683
A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allows attacker to execute unauthorized code or commands via specially crafted commands...
Path traversal
A path traversal vulnerability CWE-23 in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially...