Vulnerabilities > Fortinet > Fortiweb > High

DATE CVE VULNERABILITY TITLE RISK
2024-06-03 CVE-2024-23665 Unspecified vulnerability in Fortinet Fortiweb
Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests.
network
low complexity
fortinet
8.8
2023-09-13 CVE-2023-34984 Unspecified vulnerability in Fortinet Fortiweb
A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
network
low complexity
fortinet
8.8
2023-07-11 CVE-2023-23777 OS Command Injection vulnerability in Fortinet Fortiweb
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters.
network
low complexity
fortinet CWE-78
7.2
2023-04-11 CVE-2022-43948 OS Command Injection vulnerability in Fortinet Fortiadc and Fortiweb
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions, FortiADC 5.4 all versions, FortiADC 5.3 all versions, FortiADC 5.2 all versions, FortiADC 5.1 all versions allows attacker to execute unauthorized code or commands via specifically crafted arguments to existing commands.
local
low complexity
fortinet CWE-78
7.8
2023-03-07 CVE-2022-39951 OS Command Injection vulnerability in Fortinet Fortiweb
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
network
low complexity
fortinet CWE-78
8.8
2023-02-16 CVE-2022-30303 OS Command Injection vulnerability in Fortinet Fortiweb
An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as `root` user via crafted HTTP requests.
network
low complexity
fortinet CWE-78
8.8
2023-02-16 CVE-2022-30306 Out-of-bounds Write vulnerability in Fortinet Fortiweb
A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password.
network
low complexity
fortinet CWE-787
8.8
2023-02-16 CVE-2022-33871 Out-of-bounds Write vulnerability in Fortinet Fortiweb
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations.
network
low complexity
fortinet CWE-787
7.2
2023-02-16 CVE-2022-40683 Double Free vulnerability in Fortinet Fortiweb 7.0.0/7.0.1/7.0.2
A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allows attacker to execute unauthorized code or commands via specially crafted commands
local
low complexity
fortinet CWE-415
7.8
2023-02-16 CVE-2023-23779 OS Command Injection vulnerability in Fortinet Fortiweb
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.
network
low complexity
fortinet CWE-78
8.8