OS Command Injection Vulnerabilities in FortiWeb Versions 7.0.1 and below, 6.4, and 6.3.19 and below
CVE-2023-23779 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.
Learn more about our Web App Pen Testing.