CVE-2023-34990
https://notcve.org/view.php?id=CVE-2023-34990
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests. • https://fortiguard.com/psirt/FG-IR-23-144 • CWE-23: Relative Path Traversal CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-48782
https://notcve.org/view.php?id=CVE-2023-48782
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet FortiWLM versión 8.6.0 a 8.6.5 permite al atacante ejecutar código o comandos no autorizados a través de parámetros de solicitud http get específicamente manipulados • https://fortiguard.com/psirt/FG-IR-23-450 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-34991
https://notcve.org/view.php?id=CVE-2023-34991
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request. Una neutralización inadecuada de elementos especiales utilizados en un comando sql ("inyección sql") en Fortinet FortiWLM versión 8.6.0 a 8.6.5 y 8.5.0 a 8.5.4 y 8.4.0 a 8.4.2 y 8.3.0 a 8.3 .2 y 8.2.2 permiten a un atacante ejecutar código o comandos no autorizados a través de una solicitud http manipuladas. • https://fortiguard.com/psirt/FG-IR-23-142 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-42783
https://notcve.org/view.php?id=CVE-2023-42783
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows attacker to read arbitrary files via crafted http requests. Path Traversal relativo en Fortinet FortiWLM versión 8.6.0 a 8.6.5 y 8.5.0 a 8.5.4 y 8.4.2 a 8.4.0 y 8.3.2 a 8.3.0 y 8.2.2 permite al atacante leer archivos arbitrarios a través de solicitudes http manipuladas. • https://fortiguard.com/psirt/FG-IR-23-143 • CWE-23: Relative Path Traversal •
CVE-2023-36548
https://notcve.org/view.php?id=CVE-2023-36548
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet FortiWLM versión 8.6.0 a 8.6.5 y 8.5.0 a 8.5.4 permite al atacante ejecutar código o comandos no autorizados a través de parámetros de solicitud HTTP get específicamente manipulados. • https://fortiguard.com/psirt/FG-IR-23-140 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •