A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HFortinet Fortiextender
HWFortinetwszystkie wersjeFortinet Fortiextender Firmware
OSFortinet7.0.0 – 7.0.47.2.0 – 7.2.57.4.0 – 7.4.77.6.0 – 7.6.3
Related vulnerabilities
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0...
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fo...
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet Forti...
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtende...
A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1...