📦 FortiWeb
by Fortinet
⚠️ Known Vulnerabilities
This authentication bypass vulnerability allows attackers with a FortiCloud account and registered device to log into other organizations' Fortinet devices when FortiCloud SSO authentication is enable...
A relative path traversal vulnerability in Fortinet FortiWeb web application firewalls allows attackers to execute administrative commands via crafted HTTP/HTTPS requests. This affects FortiWeb versio...
This SQL injection vulnerability in Fortinet FortiWeb web application firewalls allows unauthenticated attackers to execute arbitrary SQL commands via crafted HTTP/HTTPS requests. Affected organizatio...
This critical vulnerability allows remote unauthenticated attackers to execute arbitrary code or commands on affected Fortinet devices via crafted requests to the administrative interface. It affects ...
This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code on FortiWeb web application firewalls via specially crafted HTTP requests. It affects multiple FortiWeb ve...
This CVE describes a blind SQL injection vulnerability in FortiWeb's user interface that allows unauthenticated remote attackers to execute arbitrary SQL queries or commands. Attackers can exploit thi...
This vulnerability allows unauthenticated attackers to execute arbitrary operations on FortiWeb web application firewalls by sending crafted HTTP/HTTPS requests with forged cookies. Attackers need pri...
This OS command injection vulnerability in Fortinet FortiWeb web application firewalls allows authenticated attackers to execute arbitrary commands on the underlying system. Attackers can exploit this...
A format string vulnerability in multiple Fortinet products allows privileged attackers to execute arbitrary code via crafted HTTP/HTTPS requests. This affects FortiOS, FortiProxy, FortiPAM, FortiSRA,...
This CVE describes an OS command injection vulnerability in Fortinet FortiWeb web application firewalls. Attackers can execute arbitrary commands on affected devices by sending specially crafted input...
This vulnerability allows privileged attackers to execute arbitrary bash commands on FortiWeb web application firewalls through crafted CLI backup parameters. It affects FortiWeb versions 7.0.1 and be...
This vulnerability allows unauthenticated remote attackers to perform reflected cross-site scripting (XSS) attacks against FortiWeb web interfaces by injecting malicious payloads into log entries used...
This CVE describes an OS command injection vulnerability in Fortinet FortiWeb web application firewalls. Attackers can execute arbitrary commands on affected devices by sending specially crafted HTTP ...
This CVE describes a stack-based buffer overflow vulnerability in Fortinet FortiWeb web application firewalls. Attackers can exploit it via specially crafted HTTP requests to escalate privileges, pote...
This is a heap-based buffer overflow vulnerability in Fortinet FortiWeb web application firewalls that allows attackers to escalate privileges by sending specially crafted arguments to existing comman...
This CVE describes a stack-based buffer overflow vulnerability in Fortinet FortiWeb web application firewalls. Attackers can exploit it by sending specially crafted command arguments to execute arbitr...
CVE-2022-40683 is a double-free vulnerability in Fortinet FortiWeb web application firewalls that could allow attackers to execute arbitrary code or commands. This affects FortiWeb versions 7.0.0 thro...
This vulnerability allows authenticated attackers to execute arbitrary shell commands with root privileges on FortiWeb web application firewalls. It affects FortiWeb versions 6.3.0-6.3.19, 6.4 all ver...
This OS command injection vulnerability in Fortinet FortiWeb allows attackers to execute arbitrary commands on affected devices via specially crafted HTTP requests. It affects FortiWeb versions 6.4.1 ...
This vulnerability allows remote attackers to execute arbitrary code on Fortinet FortiWeb web application firewalls via specially crafted HTTP requests to the LogReport API controller. Attackers can e...
This vulnerability allows authenticated attackers to execute arbitrary code on FortiWeb web application firewalls through stack-based buffer overflows in API controllers. Attackers can gain full syste...
This vulnerability allows remote authenticated attackers to execute arbitrary code or commands on affected FortiWeb devices via crafted HTTP requests. It affects FortiWeb versions 6.3.0 through 6.3.15...
CVE-2021-41014 is a denial-of-service vulnerability in Fortinet FortiWeb web application firewalls where unauthenticated attackers can send specially crafted huge HTTP packets to crash the httpsd daem...
This vulnerability allows authenticated attackers to execute arbitrary commands on FortiWeb web application firewalls by sending specially crafted HTTP requests to the management interface. It affects...
This vulnerability allows attackers to execute arbitrary commands on Fortinet FortiWeb web application firewalls by sending specially crafted HTTP requests. It affects FortiWeb version 6.3.13 and belo...
This CVE describes an OS command injection vulnerability in FortiWeb's management interface that allows remote authenticated attackers to execute arbitrary commands on the system. The vulnerability ex...
This vulnerability allows unauthenticated attackers to bypass authentication on FortiWeb web application firewalls by using password hashes instead of actual passwords. Attackers can craft HTTP/HTTPS ...
This vulnerability involves hard-coded credentials in Fortinet FortiWeb web application firewalls that could allow authenticated attackers with shell access to connect to the Redis service and access ...
A relative path traversal vulnerability in FortiWeb web application firewalls allows authenticated attackers to read arbitrary files on the underlying system. This affects FortiWeb versions 7.6.0-7.6....
A stack-based buffer overflow vulnerability in Fortinet FortiWeb CLI allows privileged attackers to execute arbitrary code or commands via crafted CLI commands. This affects FortiWeb versions 7.6.0 th...
This CVE describes an OS command injection vulnerability in Fortinet FortiWeb's command-line interface that allows privileged attackers to execute arbitrary commands. Affected systems include FortiWeb...
This CVE describes an improper privilege management vulnerability in multiple Fortinet products where authenticated users with read-only admin permissions can escalate to super-admin privileges via cr...
This vulnerability allows authenticated attackers with read-only admin permissions in FortiWeb to manipulate other administrators' dashboard widgets via specially crafted requests. It affects FortiWeb...
CVE-2024-55594 is an improper input validation vulnerability in Fortinet FortiWeb web application firewalls that allows attackers to execute arbitrary code or commands via specially crafted HTTP/S req...
This path traversal vulnerability in Fortinet FortiWeb web application firewalls allows attackers to bypass directory restrictions and potentially execute unauthorized code or commands. It affects org...
CVE-2023-42784 is an improper input validation vulnerability in Fortinet FortiWeb web application firewalls that allows attackers to execute arbitrary code or commands via specially crafted HTTP/S req...
This OS command injection vulnerability in Fortinet FortiWeb allows attackers to execute arbitrary commands on affected devices by sending specially crafted input. It affects FortiWeb versions 7.0.0 t...
This path traversal vulnerability (CWE-22) in multiple Fortinet products allows attackers to escalate privileges by sending specially crafted packets. Affected systems include FortiRecorder, FortiVoic...
A stack-based buffer overflow vulnerability in Fortinet FortiWeb allows privileged users to execute arbitrary code via specially crafted CLI commands. This affects FortiWeb versions 7.2.0-7.2.7 and 7....
This vulnerability allows a man-in-the-middle attacker to intercept and manipulate communications between FortiWeb WAF devices and external data sources. Attackers could decrypt or tamper with data fe...
This vulnerability allows authenticated attackers on FortiWeb web application firewalls to read password hashes of other administrators through CLI commands. This affects FortiWeb versions 7.4.0, 7.2....