cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-34990,https://securityvulnerability.io/vulnerability/CVE-2023-34990,Path Traversal Vulnerability in Fortinet FortiWLM,"A vulnerability allowing relative path traversal in Fortinet FortiWLM within versions 8.5.0 to 8.5.4 and 8.6.0 to 8.6.5 may enable attackers to execute unauthorized code or commands. This occurs through specially crafted web requests, potentially compromising the integrity of the system and its data. Users of affected versions should apply security updates as provided by Fortinet to mitigate risks.",Fortinet,Fortiwlm,9.6,CRITICAL,0.0004299999854993075,false,,true,false,true,2024-12-19T10:59:43.000Z,,false,false,,2024-12-18T12:44:38.664Z,1449
CVE-2023-48782,https://securityvulnerability.io/vulnerability/CVE-2023-48782,FortiWLM Command Injection Vulnerability,"A vulnerability exists in Fortinet FortiWLM versions 8.6.0 to 8.6.5 due to improper handling of special characters in OS command execution. An attacker can exploit this weakness by crafting a malicious HTTP GET request, enabling them to execute unauthorized code or commands on the affected system. This can lead to significant security risks and potential breaches, highlighting the importance of addressing such vulnerabilities promptly.",Fortinet,FortiWLM,8.6,HIGH,0.0010600000387057662,false,,true,false,false,,,false,false,,2023-12-13T07:15:00.000Z,115
CVE-2023-42783,https://securityvulnerability.io/vulnerability/CVE-2023-42783,Relative Path Traversal in Fortinet FortiWLM Affects Multiple Versions,"FortiWLM, a wireless LAN controller by Fortinet, is impacted by a relative path traversal vulnerability that allows an attacker to read arbitrary files on the system. This issue affects multiple versions, from 8.6.0 through 8.6.5, as well as earlier versions down to 8.2.2. Attackers can exploit this vulnerability through specially crafted HTTP requests to gain unauthorized access to sensitive information, thus highlighting the importance of timely software updates and security patches.",Fortinet,Fortiwlm,7.3,HIGH,0.0013800000306218863,false,,false,false,false,,,false,false,,2023-11-14T18:15:00.000Z,0
CVE-2023-34991,https://securityvulnerability.io/vulnerability/CVE-2023-34991,SQL Injection Vulnerability in Fortinet FortiWLM Software,"An SQL injection vulnerability exists in Fortinet FortiWLM, affecting multiple versions, which could allow attackers to execute unauthorized commands or code through specially crafted HTTP requests. This flaw could enable an adversary to manipulate SQL queries, potentially leading to unauthorized data access and control over affected systems. Users are urged to apply patch updates and monitor their environments for any suspicious activity.",Fortinet,Fortiwlm,9.3,CRITICAL,0.001339999958872795,false,,false,false,false,,,false,false,,2023-11-14T18:15:00.000Z,0
CVE-2023-34993,https://securityvulnerability.io/vulnerability/CVE-2023-34993,OS Command Injection Vulnerability in Fortinet FortiWLM,"An improper neutralization of special elements used in OS commands has been identified in Fortinet's FortiWLM, specifically impacting versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4. This vulnerability enables attackers to execute unauthorized code or commands by sending specially crafted parameters in HTTP GET requests. Organizations utilizing these affected FortiWLM versions should take immediate action to mitigate potential risks.",Fortinet,Fortiwlm,9.6,CRITICAL,0.9686200022697449,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2023-34989,https://securityvulnerability.io/vulnerability/CVE-2023-34989,OS Command Injection Vulnerability in Fortinet FortiWLM,"An OS command injection vulnerability exists in Fortinet's FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4. This flaw allows attackers to execute unauthorized commands or code by sending specially crafted HTTP GET request parameters. Exploiting this vulnerability could lead to severe security breaches, making it crucial for users to apply necessary updates and patches to protect their systems.",Fortinet,Fortiwlm,8.6,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2023-36547,https://securityvulnerability.io/vulnerability/CVE-2023-36547,OS Command Injection Vulnerability in Fortinet FortiWLM,"An OS command injection vulnerability in Fortinet FortiWLM versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4 enables attackers to execute unauthorized commands on the system. This occurs due to insufficient neutralization of special elements in HTTP GET request parameters, allowing crafted requests to manipulate the command execution process.",Fortinet,Fortiwlm,9.6,CRITICAL,0.0016599999507889152,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2023-36548,https://securityvulnerability.io/vulnerability/CVE-2023-36548,OS Command Injection Vulnerability in Fortinet FortiWLM,"An OS command injection vulnerability exists in Fortinet FortiWLM versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4, primarily due to improper neutralization of special elements within HTTP GET request parameters. This weakness could allow attackers to execute arbitrary commands or code without authorization, posing significant risks to system security.",Fortinet,Fortiwlm,9.6,CRITICAL,0.0016599999507889152,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2023-36549,https://securityvulnerability.io/vulnerability/CVE-2023-36549,OS Command Injection Vulnerability in Fortinet FortiWLM,"An OS command injection vulnerability exists in Fortinet FortiWLM versions 8.5.0 to 8.5.4 and 8.6.0 to 8.6.5, allowing attackers to successfully execute unauthorized commands. This issue arises due to improper neutralization of special elements used in operating system commands. Attackers can exploit this vulnerability by crafting malicious HTTP GET request parameters, which may lead to security breaches and exploitation of affected systems. Organizations using these software versions should prioritize upgrading to mitigate potential threats. Further details can be found in the official advisory.",Fortinet,Fortiwlm,8.6,HIGH,0.0016599999507889152,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2023-34985,https://securityvulnerability.io/vulnerability/CVE-2023-34985,OS Command Injection Vulnerability in Fortinet FortiWLM,"An OS command injection vulnerability exists in Fortinet FortiWLM affecting versions 8.5.0 through 8.5.4 and 8.6.0 through 8.6.5. Attackers can exploit this flaw by crafting specific HTTP GET request parameters, which may permit the execution of unauthorized commands or code within the affected systems. This vulnerability can potentially compromise system integrity and could lead to unauthorized actions being performed.",Fortinet,Fortiwlm,8.6,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2023-34986,https://securityvulnerability.io/vulnerability/CVE-2023-34986,OS Command Injection Vulnerability in Fortinet FortiWLM Products,"An OS command injection vulnerability exists in Fortinet's FortiWLM affecting versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4. Attackers can exploit this vulnerability by crafting specific HTTP GET request parameters, allowing them to execute unauthorized commands. This poses a significant risk to network integrity and security, warranting immediate attention and remediation.",Fortinet,Fortiwlm,8.6,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2023-34987,https://securityvulnerability.io/vulnerability/CVE-2023-34987,OS Command Injection Vulnerability in Fortinet FortiWLM,"An OS command injection vulnerability exists in Fortinet FortiWLM versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4, allowing attackers to manipulate HTTP GET request parameters to execute unauthorized commands. This flaw can lead to unauthorized access and control over affected systems, potentially compromising the integrity and security of the organization. Proper input validation and sanitization mechanisms are essential to mitigate such risks. For more details, refer to Fortinet's advisory.",Fortinet,Fortiwlm,8.6,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2023-34988,https://securityvulnerability.io/vulnerability/CVE-2023-34988,OS Command Injection in Fortinet FortiWLM,"Fortinet FortiWLM versions 8.6.0 to 8.6.5 and 8.5.0 to 8.5.4 are susceptible to an OS command injection vulnerability. This flaw arises from improper neutralization of special elements utilized in operating system commands, which allows remote attackers to execute unauthorized code or commands through specially crafted HTTP GET request parameters. This presents significant security risks as it could be exploited to gain control over affected systems.",Fortinet,Fortiwlm,8.6,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2023-36550,https://securityvulnerability.io/vulnerability/CVE-2023-36550,OS Command Injection in Fortinet FortiWLM Affected Products,"Fortinet FortiWLM is susceptible to an OS command injection vulnerability due to improper handling of specially crafted HTTP GET request parameters. Attackers could exploit this vulnerability to execute unauthorized commands or code on the affected devices during specific conditions, posing a significant risk to security. It is crucial for users of FortiWLM versions 8.5.0 through 8.5.4 and 8.6.0 through 8.6.5 to assess their systems and apply the necessary patches to mitigate this risk.",Fortinet,Fortiwlm,9.6,CRITICAL,0.0016599999507889152,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2021-43070,https://securityvulnerability.io/vulnerability/CVE-2021-43070,Relative Path Traversal Vulnerabilities in FortiWLM Management Interface by Fortinet,"Multiple relative path traversal vulnerabilities have been identified in the FortiWLM management interface. These vulnerabilities affect various versions, potentially allowing an authenticated attacker to exploit the interface and retrieve arbitrary files from the underlying filesystem by crafting specific web requests. This poses a significant risk to the security and integrity of the data managed by FortiWLM.",Fortinet,Fortinet Fortiwlm,5.4,MEDIUM,0.0009299999801442027,false,,false,false,false,,,false,false,,2022-03-02T16:35:22.000Z,0
CVE-2021-43077,https://securityvulnerability.io/vulnerability/CVE-2021-43077,SQL Injection Vulnerability in Fortinet FortiWLM Products,"An SQL injection vulnerability exists in Fortinet FortiWLM, affecting several versions, where improper neutralization of special elements in SQL commands allows attackers to execute unauthorized code via specifically crafted HTTP requests directed at the AP monitor handlers. This flaw could lead to serious security breaches, making it imperative for users to apply patches or upgrade their installations.",Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2022-03-01T18:30:11.000Z,0
CVE-2021-43075,https://securityvulnerability.io/vulnerability/CVE-2021-43075,OS Command Injection Vulnerability in Fortinet FortiWLM Products,"An issue in Fortinet FortiWLM pertaining to improper neutralization of special elements allows attackers to execute unauthorized commands. This is possible through crafted HTTP requests directed at the alarm dashboard and controller configuration handlers, affecting multiple versions of the product, including those older than 8.6.2. Organizations utilizing FortiWLM should assess their configurations and consider applying mitigations as necessary to safeguard against potential exploits.",Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2022-03-01T18:25:11.000Z,0
CVE-2021-42752,https://securityvulnerability.io/vulnerability/CVE-2021-42752,Cross-Site Scripting Vulnerability in FortiWLM by Fortinet,"An improper handling of user input during web page generation in Fortinet's FortiWLM versions 8.6.1 and earlier allows attackers to exploit this vulnerability. By crafting specially designed HTTP requests, an attacker can inject and execute malicious JavaScript code on the victim's host, leading to potential unauthorized actions and data exposure.",Fortinet,Fortinet Fortiwlm,5.4,MEDIUM,0.0006699999794363976,false,,false,false,false,,,false,false,,2021-12-08T11:53:50.000Z,0
CVE-2021-42760,https://securityvulnerability.io/vulnerability/CVE-2021-42760,SQL Injection Vulnerability in Fortinet FortiWLM Software,"An improper neutralization of special elements used in SQL commands in Fortinet FortiWLM, specifically in versions 8.6.1 and earlier, permits attackers to execute crafted SQL queries. This exploitation can lead to unauthorized access and the disclosure of sensitive information stored in database tables, posing significant risks to data integrity and confidentiality.",Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2021-12-08T11:31:41.000Z,0
CVE-2021-41029,https://securityvulnerability.io/vulnerability/CVE-2021-41029,Cross-Site Scripting Vulnerability in Fortinet FortiWLM Products,"An improper neutralization of input during web page generation in Fortinet FortiWLM allows attackers to inject malicious JavaScript code. This code can be stored on the device and executed through specially crafted HTTP requests, potentially compromising the security of users interacting with the affected system. This vulnerability highlights the importance of robust input validation and the implementation of security best practices to prevent unauthorized script execution.",Fortinet,Fortinet Fortiwlm,6.4,MEDIUM,0.0006699999794363976,false,,false,false,false,,,false,false,,2021-12-08T11:29:46.000Z,0
CVE-2021-36184,https://securityvulnerability.io/vulnerability/CVE-2021-36184,SQL Injection Vulnerability in Fortinet FortiWLM Affected by Improper Neutralization,"Inadequate handling of special characters in SQL commands exposes Fortinet FortiWLM versions 8.6.1 and prior to SQL injection attacks, allowing attackers to retrieve sensitive information about devices, users, and the database through crafted HTTP requests. This vulnerability poses significant risks by enabling unauthorized access to critical data.",Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-11-02T18:51:45.000Z,0
CVE-2021-36185,https://securityvulnerability.io/vulnerability/CVE-2021-36185,OS Command Injection Vulnerability in Fortinet FortiWLM,"An OS Command Injection vulnerability exists in Fortinet FortiWLM versions 8.6.1 and earlier, allowing an attacker to execute arbitrary commands by sending specially crafted HTTP requests. This flaw arises from improper neutralization of special elements in the operating system command execution context, potentially leading to severe security implications for affected systems.",Fortinet,Fortinet Fortiwlm,8.8,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2021-11-02T18:45:54.000Z,0
CVE-2017-7336,https://securityvulnerability.io/vulnerability/CVE-2017-7336,,A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.,Fortinet,Fortinet Fortiwlm,9.8,CRITICAL,0.002400000113993883,false,,false,false,false,,,false,false,,2017-06-30T00:00:00.000Z,0