Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

fortinet fortiweb vulnerabilities and exploits

(subscribe to this query)

8.8
CVE-2022-30306
A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password....
Fortinet Fortiweb 6.4.0Fortinet Fortiweb 6.4.1Fortinet Fortiweb 6.4.2Fortinet Fortiweb 7.0.0Fortinet Fortiweb 7.0.1Fortinet Fortiweb
9.8
CVSSv3
CVE-2021-41025
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper...
Fortinet Fortiweb 6.4.0Fortinet FortiwebFortinet Fortiweb 6.4.1Fortinet Fortiweb 6.1.0Fortinet Fortiweb 6.1.1Fortinet Fortiweb 6.1.2Fortinet Fortiweb 6.4.2
5.4
CVE-2022-42471
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote...
Fortinet Fortiweb 6.4.0Fortinet Fortiweb 6.4.1Fortinet Fortiweb 6.4.2Fortinet Fortiweb 7.0.0Fortinet Fortiweb 7.0.1Fortinet Fortiweb 7.0.2Fortinet Fortiweb
6.5
CVE-2023-23778
A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests....
Fortinet Fortiweb 6.4.0Fortinet Fortiweb 6.4.1Fortinet Fortiweb 6.4.2Fortinet Fortiweb 7.0.0Fortinet Fortiweb 7.0.1Fortinet Fortiweb
8.8
CVE-2022-30303
An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as `root` user via...
Fortinet Fortiweb 6.4.0Fortinet Fortiweb 6.4.1Fortinet Fortiweb 6.4.2Fortinet Fortiweb 7.0.0Fortinet Fortiweb 7.0.1Fortinet Fortiweb
8.8
CVSSv3
CVE-2021-36195
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via...
Fortinet Fortiweb 6.1.0Fortinet Fortiweb 6.1.1Fortinet Fortiweb 6.1.2Fortinet FortiwebFortinet Fortiweb 6.4.0Fortinet Fortiweb 6.4.1
8.8
CVE-2023-23779
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code...
Fortinet Fortiweb 6.4.0Fortinet Fortiweb 6.4.1Fortinet Fortiweb 6.4.2Fortinet Fortiweb 7.0.0Fortinet Fortiweb 7.0.1Fortinet Fortiweb
7.2
CVE-2022-33871
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute...
Fortinet Fortiweb 6.4.0Fortinet Fortiweb 6.4.1Fortinet Fortiweb 6.4.2Fortinet Fortiweb 7.0.0Fortinet Fortiweb 7.0.1Fortinet Fortiweb
NA
CVE-2014-8619
Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....
Fortinet Fortiweb 5.2.2Fortinet Fortiweb 5.2.3Fortinet Fortiweb 5.1.2Fortinet Fortiweb 5.2.4Fortinet Fortiweb 5.3.0Fortinet Fortiweb 5.2.0Fortinet Fortiweb 5.2.1Fortinet Fortiweb 5.3.3Fortinet Fortiweb 5.3.4Fortinet Fortiweb 5.1.3Fortinet Fortiweb 5.1.4Fortinet Fortiweb 5.3.1Fortinet Fortiweb 5.3.2
NA
CVE-2014-4738
Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg....
Fortinet Fortiweb 5.0.2Fortinet Fortiweb 5.0.3Fortinet Fortiweb 5.1.1Fortinet Fortiweb 5.1.2Fortinet Fortiweb 5.0.4Fortinet Fortiweb 5.0.0Fortinet Fortiweb 5.1.0Fortinet Fortiweb 5.2.0Fortinet Fortiweb 5.1.3Fortinet Fortiweb 5.1.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute forcelog injectionCVE-2023-6510CVE-2023-49248CVE-2023-49374CVE-2023-26360XSSCVE-2023-46674CVE-2023-49105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook