CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-27482
https://notcve.org/view.php?id=CVE-2022-27482
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands. • https://fortiguard.com/psirt/FG-IR-22-046 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-39947
https://notcve.org/view.php?id=CVE-2022-39947
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-061 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-33875
https://notcve.org/view.php?id=CVE-2022-33875
An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. Una neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de Comando SQL ("Inyección SQL") en Fortinet FortiADC versión 7.1.0, versión 7.0.0 a 7.0.2 y versión 6.2.4 y anteriores permite a un atacante autenticado ejecutar código no autorizado o comandos a través de solicitudes HTTP específicamente manipuladas. • https://fortiguard.com/psirt/FG-IR-22-252 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-33876
https://notcve.org/view.php?id=CVE-2022-33876
Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests. Múltiples instancias de vulnerabilidad de validación de entrada incorrecta en Fortinet FortiADC versión 7.1.0, versión 7.0.0 a 7.0.2 y versión 6.2.4 y anteriores permiten a un atacante autenticado recuperar archivos con una extensión específica del sistema Linux subyacente a través de solicitudes HTTP manipuladas. • https://fortiguard.com/psirt/FG-IR-22-253 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2022-38374
https://notcve.org/view.php?id=CVE-2022-38374
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews. Una neutralización inadecuada de la entrada durante la generación de la página web ("cross-site scripting") en Fortinet FortiADC 7.0.0 - 7.0.2 y 6.2.0 - 6.2.4 permite a un atacante ejecutar código o comandos no autorizados a través de la URL y los campos de Usuario observado en las vistas de registro de tráfico y eventos. • https://github.com/azhurtanov/CVE-2022-38374 https://github.com/M4fiaB0y/CVE-2022-38374 https://fortiguard.com/psirt/FG-IR-22-232 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •