OS Command Injection Vulnerabilities in FortiWeb Versions 7.0.1 and below, 6.4, and 6.3.19 and below

CVE-2023-23779 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Multiple OS command injection vulnerabilities (improper neutralization of special elements used in an OS command, [CWE-78]) in FortiWeb version 7.0.1 and below, 6.4 all versions, and version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.
