A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-254 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2023-03-07 17:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-39951
Mitre link : CVE-2022-39951
CVE.ORG link : CVE-2022-39951
JSON object : View
Products Affected
fortinet
- fortiweb
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')