CVE-2023-34984
https://notcve.org/view.php?id=CVE-2023-34984
A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. Una falla en el mecanismo de protección en Fortinet FortiWeb 7.2.0 a 7.2.1, 7.0.0 a 7.0.6, 6.4.0 a 6.4.3, 6.3.6 a 6.3.23 permite a un atacante ejecutar código o comandos no autorizados a través peticiones HTTP especialmente manipuladas. • https://fortiguard.com/psirt/FG-IR-23-068 • CWE-693: Protection Mechanism Failure •
CVE-2023-23777
https://notcve.org/view.php?id=CVE-2023-23777
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters. • https://fortiguard.com/psirt/FG-IR-22-131 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-33305
https://notcve.org/view.php?id=CVE-2023-33305
A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-375 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2022-43955
https://notcve.org/view.php?id=CVE-2022-43955
An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report. • https://fortiguard.com/psirt/FG-IR-22-428 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-43948
https://notcve.org/view.php?id=CVE-2022-43948
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions, FortiADC 5.4 all versions, FortiADC 5.3 all versions, FortiADC 5.2 all versions, FortiADC 5.1 all versions allows attacker to execute unauthorized code or commands via specifically crafted arguments to existing commands. • https://fortiguard.com/psirt/FG-IR-22-186 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •