2023-02-16 18:05:22
fortinet
PUBLISHED
AnĀ improper neutralization of special elements used in an os command (OS Command Injection) [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as `root` user via crafted HTTP requests.