A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-254 | Vendor Advisory |
https://fortiguard.com/psirt/FG-IR-22-254 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://fortiguard.com/psirt/FG-IR-22-254 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
Information
Published : 2023-03-07 17:15
Updated : 2024-11-21 07:18
NVD link : CVE-2022-39951
Mitre link : CVE-2022-39951
CVE.ORG link : CVE-2022-39951
JSON object : View
Products Affected
fortinet
- fortiweb
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')