A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HFortinet Fortiextender
HWFortinetwszystkie wersjeFortinet Fortiextender Firmware
OSFortinet3.0.03.0.13.0.23.1.03.1.15.3.24.2.0 – 4.2.5 (bez)3.3.0 – 3.3.3 (bez)7.0.0 – 7.0.4 (bez)4.1.1 – 4.1.9 (bez)3.2.1 – 3.2.4 (bez)
Related vulnerabilities
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet Forti...
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0...
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fo...
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtende...
A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1...