Fortiweb Security Vulnerabilities and Issues — Fortiweb CVE List

Lucene search

FortinetFortiweb

9 matches found

CVE•added 2025/07/17 4:15 p.m.•91 views

CVE-2025-25257

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands...

9.8CVSS10AI score0.02731EPSS

CVE•added 2025/01/14 2:15 p.m.•73 views

CVE-2024-48884

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, ...

9.1CVSS7.7AI score0.00094EPSS

CVE•added 2025/06/10 5:21 p.m.•60 views

CVE-2025-22254

An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7 & FortiWeb version 7.6.0 through 7.6.1 and befo...

7.2CVSS7.2AI score0.00062EPSS

CVE•added 2025/01/16 9:15 a.m.•59 views

CVE-2024-48885

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 thro...

9.1CVSS7.3AI score0.00036EPSS

CVE•added 2025/04/08 2:15 p.m.•59 views

CVE-2025-25254

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to access and modify the filesystem via crafted request...

7.2CVSS6.9AI score0.00121EPSS

CVE•added 2025/01/14 2:15 p.m.•50 views

CVE-2024-55593

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries

2.7CVSS4.2AI score0.00036EPSS

CVE•added 2025/02/11 5:15 p.m.•44 views

CVE-2024-50567

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.

7.2CVSS7.3AI score0.00155EPSS

CVE•added 2025/03/11 3:15 p.m.•42 views

CVE-2023-42784

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.

9.8CVSS7.5AI score0.00209EPSS

CVE•added 2025/02/11 5:15 p.m.•38 views

CVE-2024-50569

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.

7.2CVSS6.8AI score0.00117EPSS