CVE-2022-23447
https://notcve.org/view.php?id=CVE-2022-23447
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. • https://fortiguard.com/psirt/FG-IR-22-039 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-27489
https://notcve.org/view.php?id=CVE-2022-27489
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-048 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-41016
https://notcve.org/view.php?id=CVE-2021-41016
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters Una neutralización inapropiada de los elementos especiales usados en un comando ("command injection") en Fortinet FortiExtender versión 7.0.1 y anteriores, versiones 4.2.3 y anteriores, versiones 4.1.7 y anteriores permite a un atacante autenticado ejecutar comandos shell privilegiados por medio de comandos CLI que incluyen caracteres especiales • https://fortiguard.com/advisory/FG-IR-21-148 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •