Medium severity5.5NVD Advisory· Published Mar 7, 2023· Updated Jun 17, 2026
CVE-2022-22297
CVE-2022-22297
Description
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.
Affected products
46.4.0 through 6.4.3, all versions 6.0, all versions 2.7+ 1 more
- (no CPE)range: 6.4.0 through 6.4.3, all versions 6.0, all versions 2.7
- (no CPE)range: 6.4.0
Patches
Vulnerability mechanics
References
1- fortiguard.com/psirt/FG-IR-21-218nvdVendor Advisory
News mentions
0No linked articles in our index yet.