fortinet fortiweb 7.0.0 vulnerabilities and exploits
NA
CVE-2023-46713
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow a malicious user to forge traffic logs via a crafted URL of the web application.
Fortinet Fortiweb
Fortinet Fortiweb 7.4.0
NA
CVE-2023-34984
A protection mechanism failure in Fortinet FortiWeb 7.2.0 up to and including 7.2.1, 7.0.0 up to and including 7.0.6, 6.4.0 up to and including 6.4.3, 6.3.6 up to and including 6.3.23 allows a malicious user to execute unauthorized code or commands via specially crafted HTTP reques...
Fortinet Fortiweb
NA
CVE-2023-23777
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged malicious user to execute arbitrary bash commands ...
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
NA
CVE-2023-33305
A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 up to and including 7.2.4, FortiOS version 7.0.0 up to and including 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0...
Fortinet Fortiproxy
Fortinet Fortios
Fortinet Fortiweb
Fortinet Fortiweb 7.2.0
Fortinet Fortiweb 7.2.1
NA
CVE-2022-43955
An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 up to and including 7.0.3, 6.3.0 up to and including 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remo...
Fortinet Fortiweb
NA
CVE-2022-43948
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 7.0.0 up to and including 7.0.3, FortiADC version 7.1.0 up to and including 7.1.1, FortiADC version 7.0.0 up to and including 7.0.3, FortiADC 6.2 al...
Fortinet Fortiweb
Fortinet Fortiadc
NA
CVE-2022-39951
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 7.0.0 up to and including 7.0.2, FortiWeb version 6.3.6 up to and including 6.3.20, FortiWeb 6.4 all versions allows a malicious user to execute unaut...
Fortinet Fortiweb
NA
CVE-2023-22636
An unauthorized configuration download vulnerability in FortiWeb 6.3.6 up to and including 6.3.21, 6.4.0 up to and including 6.4.2 and 7.0.0 up to and including 7.0.4 may allow a local malicious user to access confidential configuration files via a crafted HTTP request.
Fortinet Fortiweb
NA
CVE-2022-30299
A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 up to and including 7.0.1, 6.3.0 up to and including 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated malicious user to retrieve specific parts of files f...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
NA
CVE-2022-30300
A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 up to and including 7.0.1, 6.3.6 up to and including 6.3.18, 6.4 all versions may allow an authenticated malicious user to obtain unauthorized access to files and data via specifically crafted HTTP GET requests.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb