cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-50567,https://securityvulnerability.io/vulnerability/CVE-2024-50567,OS Command Injection Vulnerability in Fortinet FortiWeb,"An improper neutralization of special elements used in OS commands in Fortinet FortiWeb versions 7.4.0 through 7.6.0 allows attackers to exploit crafted input, potentially leading to the execution of unauthorized commands. This vulnerability may expose sensitive data or systems to risk, highlighting the importance of timely updates and security measures.",Fortinet,Fortiweb,6.8,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:09:04.155Z,0
CVE-2024-50569,https://securityvulnerability.io/vulnerability/CVE-2024-50569,OS Command Injection Vulnerability in Fortinet FortiWeb Products,"Fortinet FortiWeb versions 7.0.0 to 7.6.0 are susceptible to an OS command injection vulnerability. This issue stems from improper handling and neutralization of special elements in user inputs. Attackers can exploit this fault to execute unauthorized commands or code on the system, posing significant security risks. Organizations using affected versions are advised to review their configurations and apply the necessary patches to safeguard against potential exploits.",Fortinet,Fortiweb,6.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:09:00.303Z,0
CVE-2024-48885,https://securityvulnerability.io/vulnerability/CVE-2024-48885,"Path Traversal Vulnerability in Fortinet FortiRecorder, FortiWeb, and FortiVoice","A path traversal vulnerability has been identified in Fortinet's FortiRecorder, FortiWeb, and FortiVoice products, allowing attackers to exploit improper limitations on file paths. This flaw affects multiple versions of these products, enabling unauthorized privilege escalation through the use of specially crafted packets. Users of the affected versions are encouraged to apply updates and follow security best practices to mitigate potential risks.",Fortinet,"Fortirecorder,Fortiweb,Fortivoice",9.1,CRITICAL,0.0004799999878741801,false,,false,false,false,,false,false,false,,2025-01-16T09:01:52.958Z,0
CVE-2024-36509,https://securityvulnerability.io/vulnerability/CVE-2024-36509,Sensitive Information Exposure in FortiWeb by Fortinet,"A vulnerability exists in FortiWeb that allows an authenticated attacker to access sensitive system information, specifically the encrypted passwords of other administrators, through the 'Log Access Event' logs page. This exposure of sensitive information can lead to unauthorized control over administrative accounts, posing significant risks to system integrity and security.",Fortinet,Fortiweb,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-12T19:15:00.000Z,0
CVE-2024-33509,https://securityvulnerability.io/vulnerability/CVE-2024-33509,Improper Certificate Validation in FortiWeb by Fortinet,"An improper certificate validation flaw exists in FortiWeb, affecting versions 7.2.0 and 7.2.1, as well as all versions of 7.0, 6.4, and 6.3. This vulnerability can potentially allow remote attackers to exploit Man-in-the-Middle (MitM) attacks. By bypassing validation mechanisms, an unauthenticated attacker could intercept and manipulate data exchanged between the FortiWeb device and its endpoints, posing significant risks to the integrity and confidentiality of communications in web application environments.",Fortinet,Fortiweb,4.8,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-09T16:15:00.000Z,0
CVE-2024-23665,https://securityvulnerability.io/vulnerability/CVE-2024-23665,Unauthorized ADOM Operations via Crafted Requests,"Multiple improper authorization vulnerabilities exist in various versions of FortiWeb, which may permit an authenticated attacker to execute unauthorized actions within the ADOM framework through specially crafted requests. These vulnerabilities underscore the importance of regular updates and vigilance in securing Fortinet products against potential exploitation that could compromise authorized operations.",Fortinet,Fortiweb,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-06-03T09:50:33.614Z,0
CVE-2024-23107,https://securityvulnerability.io/vulnerability/CVE-2024-23107,Unauthorized Access to Sensitive Information in FortiWeb Products,"A vulnerability exists in FortiWeb, a web application firewall by Fortinet, where authenticated attackers can exploit an information exposure flaw. This vulnerability may permit attackers to access sensitive password hashes of other administrators through CLI commands. Affected are multiple versions, thereby highlighting significant security implications for organizations relying on this firewall solution.",Fortinet,Fortiweb,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-03T07:55:21.908Z,0
CVE-2023-46713,https://securityvulnerability.io/vulnerability/CVE-2023-46713,Output Neutralization Vulnerability in Fortinet FortiWeb Products,"An improper output neutralization vulnerability in Fortinet FortiWeb products could potentially allow an attacker to manipulate traffic logs. By crafting a specific URL, the attacker can forge entries within the log files, leading to potential misrepresentation of web application activity. This weakness affects multiple versions of the FortiWeb product, emphasizing the need for immediate monitoring and patching to safeguard against unauthorized logging manipulation.",Fortinet,FortiWeb,4.9,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-12-13T07:15:00.000Z,0
CVE-2023-34984,https://securityvulnerability.io/vulnerability/CVE-2023-34984,Protection Mechanism Failure in Fortinet FortiWeb Products,"A protection mechanism failure in Fortinet FortiWeb products enables attackers to execute unauthorized code or commands by sending specially crafted HTTP requests. This vulnerability affects multiple versions of the product, potentially compromising the security of networks utilizing FortiWeb. Organizations should focus on securing their installations and patching the affected versions to mitigate risks associated with this vulnerability. For detailed information, refer to the official Fortinet advisory.",Fortinet,Fortiweb,7.1,HIGH,0.0017399999778717756,false,,false,false,false,,,false,false,,2023-09-13T13:15:00.000Z,0
CVE-2023-23777,https://securityvulnerability.io/vulnerability/CVE-2023-23777,OS Command Injection Vulnerability in FortiWeb by Fortinet,"An OS command injection vulnerability has been identified in FortiWeb, affecting versions 7.0.1 and below, all versions of 6.4, and 6.3.18 and below. This issue arises from improper neutralization of special elements within OS command inputs, allowing a privileged attacker to craft specific CLI backup parameters. Successful exploitation can enable the execution of arbitrary bash commands, posing significant risks to system integrity and security. Organizations using FortiWeb should assess their versions and implement necessary updates to safeguard against this vulnerability.",Fortinet,Fortiweb,7.2,HIGH,0.001769999973475933,false,,false,false,false,,,false,false,,2023-07-11T09:15:00.000Z,0
CVE-2023-33305,https://securityvulnerability.io/vulnerability/CVE-2023-33305,Denial of Service Vulnerability in Fortinet FortiOS and FortiProxy Products,"A vulnerability in Fortinet FortiOS and FortiProxy products allows attackers to create an infinite loop through specially crafted HTTP requests. This can lead to a denial of service, impacting the availability of the affected systems. Specifically, this issue affects various versions of FortiOS, FortiProxy, and FortiWeb, making it crucial for organizations using these products to apply mitigations promptly. For detailed information and resolution steps, refer to the FortiGuard advisory.",Fortinet,"Fortiweb,FortiOS,Fortiproxy",4.9,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2023-06-13T09:15:00.000Z,0
CVE-2022-43955,https://securityvulnerability.io/vulnerability/CVE-2022-43955,Reflected Cross-Site Scripting Vulnerability in FortiWeb's Web Interface,"An improper neutralization of input in the FortiWeb web interface versions ranging from 7.0.0 to 7.0.3, and in various 6.xx and 5.xx releases, can allow unauthenticated remote attackers to execute reflected cross-site scripting (XSS) attacks. This is achieved by injecting malicious payloads into log entries that the application uses to generate reports, which can be exploited during the web page generation process, posing significant risks to the security of users interacting with the affected system.",Fortinet,Fortiweb,8,HIGH,0.0007999999797903001,false,,false,false,false,,,false,false,,2023-04-11T16:06:43.147Z,0
CVE-2022-43948,https://securityvulnerability.io/vulnerability/CVE-2022-43948,OS Command Injection Vulnerability in Fortinet FortiWeb and FortiADC Products,"An OS command injection vulnerability exists in Fortinet's FortiWeb and FortiADC products, allowing attackers to execute arbitrary commands by sending specially crafted input to existing commands. This vulnerability affects various versions of FortiWeb and FortiADC, posing a significant security risk. Proper input validation and filtering are essential to mitigate the risk of unauthorized code execution.",Fortinet,"Fortiweb,Fortiadc",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-11T16:06:08.263Z,0
CVE-2022-22297,https://securityvulnerability.io/vulnerability/CVE-2022-22297,Command Line Interpreter Vulnerability in FortiWeb and FortiRecorder Products,"The vulnerability in the command line interpreter of FortiWeb and FortiRecorder arises from an incomplete filtering of special elements, allowing authenticated users to craft command arguments that may lead to unauthorized access to arbitrary files. This flaw affects multiple versions of both products, making it essential for users to apply appropriate patches to mitigate potential risks associated with unauthorized file reading.",Fortinet,"Fortirecorder,Fortiweb",5.2,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-03-07T16:04:48.484Z,0
CVE-2022-39951,https://securityvulnerability.io/vulnerability/CVE-2022-39951,OS Command Injection Vulnerability in Fortinet FortiWeb,"An OS command injection vulnerability exists in Fortinet's FortiWeb products, specifically in versions 7.0.0 through 7.0.2 and 6.3.6 through 6.3.20. This flaw allows attackers to execute unauthorized commands on the server through specially crafted HTTP requests, potentially compromising system security and data integrity. Administrators are advised to update to the latest secure versions to mitigate this risk.",Fortinet,Fortiweb,7.2,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2023-03-07T16:04:38.353Z,0
CVE-2023-22636,https://securityvulnerability.io/vulnerability/CVE-2023-22636,Unauthorized Configuration Download Vulnerability in FortiWeb by Fortinet,"The FortiWeb product line from Fortinet is susceptible to an unauthorized configuration download vulnerability. This issue affects versions 6.3.6 through 6.3.21, 6.4.0 through 6.4.2, and 7.0.0 through 7.0.4. Local attackers may exploit this flaw to retrieve confidential configuration files by sending specially crafted HTTP requests, potentially compromising sensitive information and system integrity.",Fortinet,Fortiweb,6.6,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-02-27T09:15:00.000Z,0
CVE-2023-23782,https://securityvulnerability.io/vulnerability/CVE-2023-23782,Heap-Based Buffer Overflow in Fortinet FortiWeb Products,"Fortinet FortiWeb is susceptible to a heap-based buffer overflow affecting multiple versions, including 7.0.0 to 7.0.1 and all versions of 6.4, 6.2, and 6.1. This vulnerability allows an attacker to exploit this weakness through specially crafted arguments to existing commands, potentially leading to privilege escalation. Users should apply recommended patches to mitigate this security risk.",Fortinet,Fortiweb,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-16T19:15:00.000Z,0
CVE-2023-23780,https://securityvulnerability.io/vulnerability/CVE-2023-23780,Stack-based Buffer Overflow in Fortinet FortiWeb Affects Security,"A stack-based buffer overflow vulnerability exists in Fortinet FortiWeb, specifically in versions 7.0.0 through 7.0.1 and versions 6.3.6 through 6.3.19. This flaw allows an attacker to escalate their privileges by sending specially crafted HTTP requests, potentially compromising the security and integrity of the application.",Fortinet,Fortiweb,7.6,HIGH,0.0008299999753944576,false,,false,false,false,,,false,false,,2023-02-16T19:15:00.000Z,0
CVE-2023-23781,https://securityvulnerability.io/vulnerability/CVE-2023-23781,Stack-Based Buffer Overflow in FortiWeb by Fortinet,"A stack-based buffer overflow vulnerability in FortiWeb allows authenticated attackers to execute arbitrary code through specially crafted XML files. This affects multiple versions of the FortiWeb product, specifically those running versions 6.3.19 and below, all versions of 6.4, and 7.0.1 and earlier. The vulnerability is linked to the SAML server configuration, emphasizing the need for users to review and update their FortiWeb configurations to mitigate potential security risks. For further details, please refer to the comprehensive report from FortiGuard.",Fortinet,Fortiweb,6.1,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2023-02-16T19:15:00.000Z,0
CVE-2023-25602,https://securityvulnerability.io/vulnerability/CVE-2023-25602,Buffer Overflow Vulnerability in Fortinet FortiWeb Web Application Firewall,"A stack-based buffer overflow has been identified in Fortinet FortiWeb web application firewall, allowing attackers to leverage specially crafted command arguments to execute unauthorized code or commands on the affected systems. This vulnerability impacts several versions of FortiWeb and poses a significant risk to the security of web applications. Users are strongly advised to apply the latest updates to mitigate potential exploitation.",Fortinet,Fortiweb,7.4,HIGH,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-02-16T19:15:00.000Z,0
CVE-2023-23778,https://securityvulnerability.io/vulnerability/CVE-2023-23778,Relative Path Traversal Vulnerability in FortiWeb by Fortinet,"A relative path traversal vulnerability in FortiWeb allows an authenticated user to access sensitive files and data through specially crafted web requests. This issue affects FortiWeb versions 7.0.1 and below, along with all versions of 6.4, 6.3, and 6.2. Proper server configuration and input validation are vital to mitigate risks associated with unauthorized access.",Fortinet,Fortiweb,4.7,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-02-16T19:15:00.000Z,0
CVE-2023-23779,https://securityvulnerability.io/vulnerability/CVE-2023-23779,OS Command Injection Vulnerability in FortiWeb by Fortinet,"Multiple vulnerabilities exist in FortiWeb's handling of user input, allowing an authenticated attacker to exploit improper neutralization of special elements in OS commands. This can enable unauthorized execution of arbitrary code through specially crafted HTTP request parameters, potentially compromising system integrity and security.",Fortinet,Fortiweb,6.6,MEDIUM,0.0014799999771639705,false,,false,false,false,,,false,false,,2023-02-16T19:15:00.000Z,0
CVE-2023-23784,https://securityvulnerability.io/vulnerability/CVE-2023-23784,Relative Path Traversal Vulnerability in Fortinet FortiWeb,"A relative path traversal vulnerability has been identified in Fortinet FortiWeb, impacting versions from 7.0.0 to 7.0.2 and 6.3.6 to 6.3.20, alongside all versions of 6.4. This vulnerability allows attackers to conduct information disclosure through intentionally crafted web requests, which may lead to unauthorized access to sensitive information hosted on the affected system.",Fortinet,Fortiweb,5.6,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-02-16T19:15:00.000Z,0
CVE-2023-23783,https://securityvulnerability.io/vulnerability/CVE-2023-23783,Execution Flaw in Fortinet FortiWeb Web Application Firewall,"A vulnerability in Fortinet FortiWeb allows attackers to leverage a use of externally-controlled format string to execute unauthorized code or commands. This applies to FortiWeb versions 7.0.0 and 7.0.1, as well as all versions of 6.4. Attackers can exploit this flaw by sending specially crafted command arguments, potentially compromising the security of affected systems.",Fortinet,Fortiweb,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-16T19:15:00.000Z,0
CVE-2022-40683,https://securityvulnerability.io/vulnerability/CVE-2022-40683,Double Free Vulnerability in Fortinet FortiWeb Products,"A double free vulnerability exists in Fortinet FortiWeb versions 7.0.0 through 7.0.3, which may allow an attacker to execute unauthorized code or commands by sending specially crafted input. This flaw can jeopardize the integrity and security of the affected systems, posing a significant risk if exploited. Users are encouraged to review their FortiWeb configurations and update to secure versions as detailed in the vendor's security advisory.",Fortinet,Fortiweb,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-16T18:07:04.143Z,0