cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-43070,https://securityvulnerability.io/vulnerability/CVE-2021-43070,Relative Path Traversal Vulnerabilities in FortiWLM Management Interface by Fortinet,"Multiple relative path traversal vulnerabilities have been identified in the FortiWLM management interface. These vulnerabilities affect various versions, potentially allowing an authenticated attacker to exploit the interface and retrieve arbitrary files from the underlying filesystem by crafting specific web requests. This poses a significant risk to the security and integrity of the data managed by FortiWLM.",Fortinet,Fortinet Fortiwlm,5.4,MEDIUM,0.0009299999801442027,false,,false,false,false,,,false,false,,2022-03-02T16:35:22.000Z,0
CVE-2021-43077,https://securityvulnerability.io/vulnerability/CVE-2021-43077,SQL Injection Vulnerability in Fortinet FortiWLM Products,"An SQL injection vulnerability exists in Fortinet FortiWLM, affecting several versions, where improper neutralization of special elements in SQL commands allows attackers to execute unauthorized code via specifically crafted HTTP requests directed at the AP monitor handlers. This flaw could lead to serious security breaches, making it imperative for users to apply patches or upgrade their installations.",Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2022-03-01T18:30:11.000Z,0
CVE-2021-43075,https://securityvulnerability.io/vulnerability/CVE-2021-43075,OS Command Injection Vulnerability in Fortinet FortiWLM Products,"An issue in Fortinet FortiWLM pertaining to improper neutralization of special elements allows attackers to execute unauthorized commands. This is possible through crafted HTTP requests directed at the alarm dashboard and controller configuration handlers, affecting multiple versions of the product, including those older than 8.6.2. Organizations utilizing FortiWLM should assess their configurations and consider applying mitigations as necessary to safeguard against potential exploits.",Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2022-03-01T18:25:11.000Z,0
CVE-2021-42752,https://securityvulnerability.io/vulnerability/CVE-2021-42752,Cross-Site Scripting Vulnerability in FortiWLM by Fortinet,"An improper handling of user input during web page generation in Fortinet's FortiWLM versions 8.6.1 and earlier allows attackers to exploit this vulnerability. By crafting specially designed HTTP requests, an attacker can inject and execute malicious JavaScript code on the victim's host, leading to potential unauthorized actions and data exposure.",Fortinet,Fortinet Fortiwlm,5.4,MEDIUM,0.0006699999794363976,false,,false,false,false,,,false,false,,2021-12-08T11:53:50.000Z,0
CVE-2021-42760,https://securityvulnerability.io/vulnerability/CVE-2021-42760,SQL Injection Vulnerability in Fortinet FortiWLM Software,"An improper neutralization of special elements used in SQL commands in Fortinet FortiWLM, specifically in versions 8.6.1 and earlier, permits attackers to execute crafted SQL queries. This exploitation can lead to unauthorized access and the disclosure of sensitive information stored in database tables, posing significant risks to data integrity and confidentiality.",Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2021-12-08T11:31:41.000Z,0
CVE-2021-41029,https://securityvulnerability.io/vulnerability/CVE-2021-41029,Cross-Site Scripting Vulnerability in Fortinet FortiWLM Products,"An improper neutralization of input during web page generation in Fortinet FortiWLM allows attackers to inject malicious JavaScript code. This code can be stored on the device and executed through specially crafted HTTP requests, potentially compromising the security of users interacting with the affected system. This vulnerability highlights the importance of robust input validation and the implementation of security best practices to prevent unauthorized script execution.",Fortinet,Fortinet Fortiwlm,6.4,MEDIUM,0.0006699999794363976,false,,false,false,false,,,false,false,,2021-12-08T11:29:46.000Z,0
CVE-2021-36184,https://securityvulnerability.io/vulnerability/CVE-2021-36184,SQL Injection Vulnerability in Fortinet FortiWLM Affected by Improper Neutralization,"Inadequate handling of special characters in SQL commands exposes Fortinet FortiWLM versions 8.6.1 and prior to SQL injection attacks, allowing attackers to retrieve sensitive information about devices, users, and the database through crafted HTTP requests. This vulnerability poses significant risks by enabling unauthorized access to critical data.",Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-11-02T18:51:45.000Z,0
CVE-2021-36185,https://securityvulnerability.io/vulnerability/CVE-2021-36185,OS Command Injection Vulnerability in Fortinet FortiWLM,"An OS Command Injection vulnerability exists in Fortinet FortiWLM versions 8.6.1 and earlier, allowing an attacker to execute arbitrary commands by sending specially crafted HTTP requests. This flaw arises from improper neutralization of special elements in the operating system command execution context, potentially leading to severe security implications for affected systems.",Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2021-11-02T18:45:54.000Z,0
CVE-2017-7336,https://securityvulnerability.io/vulnerability/CVE-2017-7336,,A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.,Fortinet,Fortinet Fortiwlm,9.8,CRITICAL,0.002400000113993883,false,,false,false,false,,,false,false,,2017-06-30T00:00:00.000Z,0