16 matches found
CVE-2021-41016
A improper neutralization of special elements used in a command 'command injection' in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters...
EUVD-2021-28169
Malicious code in bioql PyPI...
EUVD-2024-21136
Malicious code in bioql PyPI...
EUVD-2022-31990
Malicious code in bioql PyPI...
CVE-2024-23663
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request...
CVE-2022-27489
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...
Fortinet FortiExtender Access Control Error Vulnerability (CNVD-2024-37340)
Fortinet FortiExtender is a wireless WAN wide area network extender device from Fortinet. An Access Control Error vulnerability exists in Fortinet FortiExtender, which stems from the presence of improper access control and can be exploited by an attacker to create a user with elevated privileges...
CVE-2024-23663
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request...
CVE-2024-23663
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request...
Command injection
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...
CVE-2022-27489
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...
CVE-2021-41016
A improper neutralization of special elements used in a command 'command injection' in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters...
CVE-2021-41016
A improper neutralization of special elements used in a command 'command injection' in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters...
CVE-2021-41016
A improper neutralization of special elements used in a command 'command injection' in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters...
Fortinet FortiExtender 操作系统命令注入漏洞
Fortinet FortiExtender is a wireless WAN extender appliance from Fortinet, Inc. A command injection vulnerability exists in Fortinet FortiExtender, which can be exploited by an authenticated attacker to execute privileged shell commands via CLI commands...
Fortinet FortiExtender CVE-2019-15710 OS Command Injection Vulnerability
Description Fortinet FortiExtender is prone to an OS command-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further...