Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-34989 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.
network
low complexity
fortinet CWE-78
8.8
2023-10-10 CVE-2023-34992 OS Command Injection vulnerability in Fortinet Fortisiem
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests.
network
low complexity
fortinet CWE-78
critical
9.8
2023-10-10 CVE-2023-34993 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
network
low complexity
fortinet CWE-78
critical
9.8
2023-10-10 CVE-2023-36547 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
network
low complexity
fortinet CWE-78
critical
9.8
2023-10-10 CVE-2023-36548 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
network
low complexity
fortinet CWE-78
critical
9.8
2023-10-10 CVE-2023-36549 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
network
low complexity
fortinet CWE-78
critical
9.8
2023-10-10 CVE-2023-36550 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
network
low complexity
fortinet CWE-78
critical
9.8
2023-10-10 CVE-2023-41838 OS Command Injection vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.
local
low complexity
fortinet CWE-78
7.1
2023-10-10 CVE-2023-42788 OS Command Injection vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command
local
low complexity
fortinet CWE-78
6.7
2023-10-10 CVE-2023-30805 OS Command Injection vulnerability in Sangfor Next-Gen Application Firewall 8.0.17
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability.
network
low complexity
sangfor CWE-78
critical
9.8