35 matches found

NVD
added 2025/02/11 5:15 p.m. | 10 views

CVE-2024-50567

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted input...

7.2 CVSS | 0.00154 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/11 4:9 p.m. | 5 views

CVE-2024-50567

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted input...

7.2 CVSS | 7.3 AI score | 0.00154 EPSS
Exploits: 0 | References: 1

CNVD
added 2025/01/23 12:0 a.m. | 10 views

Fortinet FortiPortal Cross-Site Scripting Vulnerability (CNVD-2025-03523)

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. A cross-site scripting vulnerability exists in Fortinet FortiPortal that stems from an...

4.8 CVSS | 6.9 AI score | 0.0031 EPSS
Exploits: 0 | References: 1

CVE
added 2025/01/14 2:9 p.m. | 65 views

CVE-2024-47572

This CVE affects Fortinet FortiSOAR. The issue is an improper neutralization of formula elements in CSV files, exploitable by manipulating the CSV to cause code/command execution. Affected versions are FortiSOAR 7.2.1 through 7.4.1. Root cause: unsafe handling of CSV content leading to remote cod...

9 CVSS | 9.3 AI score | 0.00765 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/01/14 2:9 p.m. | 7 views

CVE-2024-26012

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiAP-S 6.2 all versions, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2....

6.7 CVSS | 6.6 AI score | 0.00096 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/01/14 2:9 p.m. | 11 views

CVE-2024-52967

An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows an attacker to execute unauthorized code or commands via HTML injection...

3.5 CVSS | 0.0031 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/01/14 2:9 p.m. | 12 views

CVE-2024-48886

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1...

9 CVSS | 0.00579 EPSS
Exploits: 0 | References: 1

CNVD
added 2024/12/25 12:0 a.m. | 5 views

Fortinet FortiManager Operating System Command Injection Vulnerability

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOM) to further simplify the deployment and management of multi-device...

7.2 CVSS | 7.8 AI score | 0.0209 EPSS
Exploits: 0 | References: 1

CNVD
added 2024/12/25 12:0 a.m. | 10 views

Fortinet FortiWLM Path Traversal Vulnerability (CNVD-2024-4963848)

Fortinet FortiWLM is a wireless manager from Fortinet, Inc. Fortinet FortiWLM suffers from a path traversal vulnerability that stems from the program failing to properly filter for specific elements in the path to a resource or file. An attacker could use this vulnerability to execute unauthorize...

9.8 CVSS | 7.4 AI score | 0.72874 EPSS
Exploits: 0 | References: 1

NVD
added 2024/12/18 1:15 p.m. | 15 views

CVE-2023-34990

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests...

9.8 CVSS | 0.72874 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2024/10/27 12:0 a.m. | 10 views

Fortinet FortiWeb OS Command Injection because of missing input parameter sanitization (FG-IR-21-047)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-047 advisory. - An improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and...

8.8 CVSS | 8.3 AI score | 0.00748 EPSS
Exploits: 0 | References: 2

CNVD
added 2024/04/19 12:0 a.m. | 5 views

Fortinet FortiSandbox Path Traversal Vulnerability (CNVD-2024-20780)

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. A path traversal vulnerability exists in Fortinet FortiSandbox, which stems fr...

6.7 CVSS | 7.3 AI score | 0.00138 EPSS
Exploits: 0 | References: 1

CNVD
added 2023/10/17 12:0 a.m. | 7 views

Fortinet FortiEDR Access Control Error Vulnerability

Fortinet FortiEDR is an endpoint security solution built from the ground up by Fortinet. Fortinet FortiEDR suffers from an Access Control Error vulnerability that stems from insufficient handling of session expiration times, which can be exploited by an attacker to execute unauthorized code or...

8.1 CVSS | 7.5 AI score | 0.00107 EPSS
Exploits: 0 | References: 1

OSV
added 2023/10/06 1:15 p.m. | 7 views

CVE-2023-44766

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to...

4.8 CVSS | 4.9 AI score | 0.00233 EPSS
Exploits: 2 | References: 2

CNVD
added 2023/03/13 12:0 a.m. | 7 views

Fortinet FortiAnalyzer Command Execution Vulnerability

Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The product is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...

7.3 CVSS | 7.2 AI score | 0.00333 EPSS
Exploits: 0 | References: 1