Fortiweb@6.3.6 Security Vulnerabilities and Issues — Fortiweb@6.3.6 CVE List

Lucene search

FortinetFortiweb6.3.6

11 matches found

CVE•added 2023/07/11 9:15 a.m.•834 views

CVE-2023-23777

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters.

7.2CVSS7.4AI score0.00309EPSS

CVE•added 2023/02/27 9:15 a.m.•80 views

CVE-2023-22636

An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.

7CVSS3.8AI score0.00043EPSS

CVE•added 2023/09/13 1:15 p.m.•69 views

CVE-2023-34984

A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.

8.8CVSS8.7AI score0.00479EPSS

CVE•added 2025/01/14 2:15 p.m.•51 views

CVE-2024-55593

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries

2.7CVSS4.2AI score0.00064EPSS

CVE•added 2023/02/16 7:15 p.m.•48 views

CVE-2022-30306

A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password.

8.8CVSS8.9AI score0.00258EPSS

CVE•added 2023/02/16 7:15 p.m.•47 views

CVE-2023-23784

A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to information disclosure via specially crafted web requests.

6.5CVSS6.2AI score0.0016EPSS

CVE•added 2023/03/07 5:15 p.m.•43 views

CVE-2022-39951

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requ...

8.8CVSS8.9AI score0.00366EPSS

CVE•added 2023/02/16 7:15 p.m.•42 views

CVE-2022-30300

A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests.

6.5CVSS6.2AI score0.0042EPSS

CVE•added 2023/02/16 7:15 p.m.•38 views

CVE-2022-33871

A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI execute backup-local rename and execute backup-local show oper...

7.2CVSS7.3AI score0.00197EPSS

CVE•added 2023/01/03 5:15 p.m.•38 views

CVE-2022-42471

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary he...

5.4CVSS5.6AI score0.004EPSS

CVE•added 2023/02/16 7:15 p.m.•38 views

CVE-2023-23779

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted param...

8.8CVSS8.9AI score0.00169EPSS