cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-34990,https://securityvulnerability.io/vulnerability/CVE-2023-34990,Path Traversal Vulnerability in Fortinet FortiWLM,"A vulnerability allowing relative path traversal in Fortinet FortiWLM within versions 8.5.0 to 8.5.4 and 8.6.0 to 8.6.5 may enable attackers to execute unauthorized code or commands. This occurs through specially crafted web requests, potentially compromising the integrity of the system and its data. Users of affected versions should apply security updates as provided by Fortinet to mitigate risks.",Fortinet,Fortiwlm,9.6,CRITICAL,0.0004299999854993075,false,true,false,true,,false,false,2024-12-18T12:44:38.664Z,1449
CVE-2023-48782,https://securityvulnerability.io/vulnerability/CVE-2023-48782,FortiWLM Command Injection Vulnerability,"A vulnerability exists in Fortinet FortiWLM versions 8.6.0 to 8.6.5 due to improper handling of special characters in OS command execution. An attacker can exploit this weakness by crafting a malicious HTTP GET request, enabling them to execute unauthorized code or commands on the affected system. This can lead to significant security risks and potential breaches, highlighting the importance of addressing such vulnerabilities promptly.",Fortinet,FortiWLM,8.6,HIGH,0.0010600000387057662,false,true,false,false,,false,false,2023-12-13T07:15:00.000Z,115
CVE-2023-42783,https://securityvulnerability.io/vulnerability/CVE-2023-42783,Relative Path Traversal in Fortinet FortiWLM Affects Multiple Versions,"FortiWLM, a wireless LAN controller by Fortinet, is impacted by a relative path traversal vulnerability that allows an attacker to read arbitrary files on the system. This issue affects multiple versions, from 8.6.0 through 8.6.5, as well as earlier versions down to 8.2.2. Attackers can exploit this vulnerability through specially crafted HTTP requests to gain unauthorized access to sensitive information, thus highlighting the importance of timely software updates and security patches.",Fortinet,Fortiwlm,7.3,HIGH,0.0013800000306218863,false,false,false,false,,false,false,2023-11-14T18:15:00.000Z,0
CVE-2023-34991,https://securityvulnerability.io/vulnerability/CVE-2023-34991,SQL Injection Vulnerability in Fortinet FortiWLM Software,"An SQL injection vulnerability exists in Fortinet FortiWLM, affecting multiple versions, which could allow attackers to execute unauthorized commands or code through specially crafted HTTP requests. This flaw could enable an adversary to manipulate SQL queries, potentially leading to unauthorized data access and control over affected systems. Users are urged to apply patch updates and monitor their environments for any suspicious activity.",Fortinet,Fortiwlm,9.3,CRITICAL,0.001339999958872795,false,false,false,false,,false,false,2023-11-14T18:15:00.000Z,0
CVE-2023-36549,https://securityvulnerability.io/vulnerability/CVE-2023-36549,OS Command Injection Vulnerability in Fortinet FortiWLM,"An OS command injection vulnerability exists in Fortinet FortiWLM versions 8.5.0 to 8.5.4 and 8.6.0 to 8.6.5, allowing attackers to successfully execute unauthorized commands. This issue arises due to improper neutralization of special elements used in operating system commands. Attackers can exploit this vulnerability by crafting malicious HTTP GET request parameters, which may lead to security breaches and exploitation of affected systems. Organizations using these software versions should prioritize upgrading to mitigate potential threats. Further details can be found in the official advisory.",Fortinet,Fortiwlm,8.6,HIGH,0.0016599999507889152,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-34986,https://securityvulnerability.io/vulnerability/CVE-2023-34986,OS Command Injection Vulnerability in Fortinet FortiWLM Products,"An OS command injection vulnerability exists in Fortinet's FortiWLM affecting versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4. Attackers can exploit this vulnerability by crafting specific HTTP GET request parameters, allowing them to execute unauthorized commands. This poses a significant risk to network integrity and security, warranting immediate attention and remediation.",Fortinet,Fortiwlm,8.6,HIGH,0.0010600000387057662,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-34985,https://securityvulnerability.io/vulnerability/CVE-2023-34985,OS Command Injection Vulnerability in Fortinet FortiWLM,"An OS command injection vulnerability exists in Fortinet FortiWLM affecting versions 8.5.0 through 8.5.4 and 8.6.0 through 8.6.5. Attackers can exploit this flaw by crafting specific HTTP GET request parameters, which may permit the execution of unauthorized commands or code within the affected systems. This vulnerability can potentially compromise system integrity and could lead to unauthorized actions being performed.",Fortinet,Fortiwlm,8.6,HIGH,0.0010600000387057662,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-36550,https://securityvulnerability.io/vulnerability/CVE-2023-36550,OS Command Injection in Fortinet FortiWLM Affected Products,"Fortinet FortiWLM is susceptible to an OS command injection vulnerability due to improper handling of specially crafted HTTP GET request parameters. Attackers could exploit this vulnerability to execute unauthorized commands or code on the affected devices during specific conditions, posing a significant risk to security. It is crucial for users of FortiWLM versions 8.5.0 through 8.5.4 and 8.6.0 through 8.6.5 to assess their systems and apply the necessary patches to mitigate this risk.",Fortinet,Fortiwlm,9.6,CRITICAL,0.0016599999507889152,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-34987,https://securityvulnerability.io/vulnerability/CVE-2023-34987,OS Command Injection Vulnerability in Fortinet FortiWLM,"An OS command injection vulnerability exists in Fortinet FortiWLM versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4, allowing attackers to manipulate HTTP GET request parameters to execute unauthorized commands. This flaw can lead to unauthorized access and control over affected systems, potentially compromising the integrity and security of the organization. Proper input validation and sanitization mechanisms are essential to mitigate such risks. For more details, refer to Fortinet's advisory.",Fortinet,Fortiwlm,8.6,HIGH,0.0010600000387057662,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-34988,https://securityvulnerability.io/vulnerability/CVE-2023-34988,OS Command Injection in Fortinet FortiWLM,"Fortinet FortiWLM versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4 are susceptible to an OS command injection vulnerability. This flaw arises from improper neutralization of special elements utilized in operating system commands, which allows remote attackers to execute unauthorized code or commands through specially crafted HTTP GET request parameters. This presents significant security risks as it could be exploited to gain control over affected systems.",Fortinet,Fortiwlm,8.6,HIGH,0.0010600000387057662,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-34989,https://securityvulnerability.io/vulnerability/CVE-2023-34989,OS Command Injection Vulnerability in Fortinet FortiWLM,"An OS command injection vulnerability exists in Fortinet's FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4. This flaw allows attackers to execute unauthorized commands or code by sending specially crafted HTTP GET request parameters. Exploiting this vulnerability could lead to severe security breaches, making it crucial for users to apply necessary updates and patches to protect their systems.",Fortinet,Fortiwlm,8.6,HIGH,0.0010600000387057662,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-34993,https://securityvulnerability.io/vulnerability/CVE-2023-34993,OS Command Injection Vulnerability in Fortinet FortiWLM,"An improper neutralization of special elements used in OS commands has been identified in Fortinet's FortiWLM, specifically impacting versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4. This vulnerability enables attackers to execute unauthorized code or commands by sending specially crafted parameters in HTTP GET requests. Organizations utilizing these affected FortiWLM versions should take immediate action to mitigate potential risks.",Fortinet,Fortiwlm,9.6,CRITICAL,0.968280017375946,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-36547,https://securityvulnerability.io/vulnerability/CVE-2023-36547,OS Command Injection Vulnerability in Fortinet FortiWLM,"An OS command injection vulnerability in Fortinet FortiWLM versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4 enables attackers to execute unauthorized commands on the system. This occurs due to insufficient neutralization of special elements in HTTP GET request parameters, allowing crafted requests to manipulate the command execution process.",Fortinet,Fortiwlm,9.6,CRITICAL,0.0016599999507889152,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-36548,https://securityvulnerability.io/vulnerability/CVE-2023-36548,OS Command Injection Vulnerability in Fortinet FortiWLM,"An OS command injection vulnerability exists in Fortinet FortiWLM versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4, primarily due to improper neutralization of special elements within HTTP GET request parameters. This weakness could allow attackers to execute arbitrary commands or code without authorization, posing significant risks to system security.",Fortinet,Fortiwlm,9.6,CRITICAL,0.0016599999507889152,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2021-43070,https://securityvulnerability.io/vulnerability/CVE-2021-43070,,"Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.",Fortinet,Fortinet Fortiwlm,5.4,MEDIUM,0.0009299999801442027,false,false,false,false,,false,false,2022-03-02T16:35:22.000Z,0
CVE-2021-43077,https://securityvulnerability.io/vulnerability/CVE-2021-43077,,"A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers.",Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2022-03-01T18:30:11.000Z,0
CVE-2021-43075,https://securityvulnerability.io/vulnerability/CVE-2021-43075,,"A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers.",Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0013200000394135714,false,false,false,false,,false,false,2022-03-01T18:25:11.000Z,0
CVE-2021-42752,https://securityvulnerability.io/vulnerability/CVE-2021-42752,,A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's host via crafted HTTP requests,Fortinet,Fortinet Fortiwlm,5.4,MEDIUM,0.0006699999794363976,false,false,false,false,,false,false,2021-12-08T11:53:50.000Z,0
CVE-2021-42760,https://securityvulnerability.io/vulnerability/CVE-2021-42760,,A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables via crafted requests.,Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2021-12-08T11:31:41.000Z,0
CVE-2021-41029,https://securityvulnerability.io/vulnerability/CVE-2021-41029,,A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests,Fortinet,Fortinet Fortiwlm,6.4,MEDIUM,0.0006699999794363976,false,false,false,false,,false,false,2021-12-08T11:29:46.000Z,0
CVE-2021-36184,https://securityvulnerability.io/vulnerability/CVE-2021-36184,,"A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests.",Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2021-11-02T18:51:45.000Z,0
CVE-2021-36185,https://securityvulnerability.io/vulnerability/CVE-2021-36185,,A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.,Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0013200000394135714,false,false,false,false,,false,false,2021-11-02T18:45:54.000Z,0
CVE-2017-7336,https://securityvulnerability.io/vulnerability/CVE-2017-7336,,A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.,Fortinet,Fortinet Fortiwlm,9.8,CRITICAL,0.0023300000466406345,false,false,false,false,,false,false,2017-06-30T00:00:00.000Z,0