CVE-2022-40679
https://notcve.org/view.php?id=CVE-2022-40679
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. • https://fortiguard.com/psirt/FG-IR-22-335 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-27482
https://notcve.org/view.php?id=CVE-2022-27482
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands. • https://fortiguard.com/psirt/FG-IR-22-046 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-39947
https://notcve.org/view.php?id=CVE-2022-39947
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-061 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-33875
https://notcve.org/view.php?id=CVE-2022-33875
An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. Una neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de Comando SQL ("Inyección SQL") en Fortinet FortiADC versión 7.1.0, versión 7.0.0 a 7.0.2 y versión 6.2.4 y anteriores permite a un atacante autenticado ejecutar código no autorizado o comandos a través de solicitudes HTTP específicamente manipuladas. • https://fortiguard.com/psirt/FG-IR-22-252 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-33876
https://notcve.org/view.php?id=CVE-2022-33876
Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests. Múltiples instancias de vulnerabilidad de validación de entrada incorrecta en Fortinet FortiADC versión 7.1.0, versión 7.0.0 a 7.0.2 y versión 6.2.4 y anteriores permiten a un atacante autenticado recuperar archivos con una extensión específica del sistema Linux subyacente a través de solicitudes HTTP manipuladas. • https://fortiguard.com/psirt/FG-IR-22-253 • CWE-20: Improper Input Validation •