VYPR
Unrated severityNVD Advisory· Published Feb 16, 2023· Updated Oct 23, 2024

CVE-2022-30303

CVE-2022-30303

Description

An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests.

Affected products

2
  • Fortinet/Fortiwebllm-fuzzy2 versions
    >=6.3.0 <=6.3.19, >=6.4.0, >=7.0.0 <=7.0.1+ 1 more
    • (no CPE)range: >=6.3.0 <=6.3.19, >=6.4.0, >=7.0.0 <=7.0.1
    • (no CPE)range: 7.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.

CVE-2022-30303 · VYPR