A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HFortinet Fortiextender
HWFortinetwszystkie wersjeFortinet Fortiextender Firmware
OSFortinet3.0.03.0.13.0.23.1.03.1.15.3.24.2.0 – 4.2.5 (bez)3.3.0 – 3.3.3 (bez)7.0.0 – 7.0.4 (bez)4.1.1 – 4.1.9 (bez)3.2.1 – 3.2.4 (bez)
Powiązane podatności
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet Forti...
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0...
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fo...
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtende...
A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1...