58 matches found
Fortinet FortiWLM Unauthenticated Command Injection Vulnerability
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands. Successful exploitation of this vulnerability could allow an attacker to...
EUVD-2021-30030
Malicious code in bioql PyPI...
EUVD-2021-30023
Malicious code in bioql PyPI...
CVE-2023-42783
A relative path traversal in Fortinet FortiWLM versions 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.4.2 through 8.4.0, 8.3.2 through 8.3.0, and 8.2.2 allows an attacker to read arbitrary files via crafted HTTP requests...
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager FortiWLM that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0. It was originally fixed by...
CVE-2023-34990
A relative path traversal in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests...
FortiWLM progressfile command injection
Added: 03/18/2024. Background: Fortinet Wireless Manager FortiWLM allows you to manage wireless networks on FortiGates. Problem: A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by calling the deleteprogressfile function with a specially crafted...
CVE-2023-48782
Fortinet FortiWLM vulnerability CVE-2023-48782: OS command injection in FortiWLM 8.6.0–8.6.5 allows remote execution through specially crafted HTTP GET parameters. Reported impact includes unauthorized command execution; Fortinet lists a fix in 8.6.6+ (per the linked advisories).
Path traversal
A relative path traversal in Fortinet FortiWLM versions 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.4.2 through 8.4.0, 8.3.2 through 8.3.0, and 8.2.2 allows an attacker to read arbitrary files via crafted HTTP requests...
CVE-2023-42783
Fortinet FortiWLM is affected by a path traversal vulnerability (CVE-2023-42783) allowing an attacker to read arbitrary files via crafted HTTP requests. Affected versions: 8.2.2–8.3.0, 8.3.2–8.4.0, 8.4.2–8.5.4, and 8.6.0–8.6.5. Root cause relates to improper handling of relative paths to director...
The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, arises from insufficient validation of arguments passed in commands. This allows attackers to execute arbitrary code.
The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
CVE-2023-36550
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters...
CVE-2023-34986
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters...
CVE-2023-34988
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters...
CVE-2023-34985
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters...
Command injection
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters...
CVE-2023-36548
Fortinet FortiWLM is affected by an OS command injection due to improper neutralization of special elements in HTTP GET request parameters. Affects FortiWLM versions 8.5.0–8.5.4 and 8.6.0–8.6.5. The root cause is improper handling of input that leads to remote code execution with network access. ...
CVE-2023-36547
Fortinet FortiWLM is affected by CVE-2023-36547 through OS command injection in FortiWLM 8.6.0–8.6.5 and 8.5.0–8.5.4. The root cause is improper neutralization of special elements in HTTP GET parameters, enabling an attacker to execute arbitrary code or commands. Functionally, impact is high (una...
CVE-2023-34993
Fortinet FortiWLM is affected by an OS command injection in FortiWLM 8.6.0–8.6.5 and 8.5.0–8.5.4 due to improper neutralization of command elements. An unauthenticated attacker can remotely execute arbitrary commands by crafting specific HTTP GET parameters, potentially bypassing authentication a...