VYPR
Unrated severityNVD Advisory· Published Feb 16, 2023· Updated Oct 23, 2024

CVE-2023-23779

CVE-2023-23779

Description

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.

Affected products

2
  • Fortinet/Fortiwebllm-fuzzy2 versions
    <=7.0.1, all 6.4.x, <=6.3.19+ 1 more
    • (no CPE)range: <=7.0.1, all 6.4.x, <=6.3.19
    • (no CPE)range: 7.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.