A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 up to and including 7.0.1, 6.3.0 up to and including 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated malicious user to retrieve specific parts of files from the underlying file system via specially crafted web requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiweb 6.4.0 |
||
fortinet fortiweb 6.4.1 |
||
fortinet fortiweb 6.4.2 |
||
fortinet fortiweb 7.0.0 |
||
fortinet fortiweb 7.0.1 |
||
fortinet fortiweb |