Vulnerabilities > Fortinet > Fortiwlm > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-34991 SQL Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request.
network
low complexity
fortinet CWE-89
critical
 9.8
9.8
2023-10-10 CVE-2023-36550 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
network
low complexity
fortinet CWE-78
critical
 9.8
9.8
2023-10-10 CVE-2023-36549 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
network
low complexity
fortinet CWE-78
critical
 9.8
9.8
2023-10-10 CVE-2023-36548 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
network
low complexity
fortinet CWE-78
critical
 9.8
9.8
2023-10-10 CVE-2023-36547 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
network
low complexity
fortinet CWE-78
critical
 9.8
9.8
2023-10-10 CVE-2023-34993 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
network
low complexity
fortinet CWE-78
critical
 9.8
9.8
2022-03-01 CVE-2021-43075 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers.
network
low complexity
fortinet CWE-78
critical
 9.0
9.0