OS Command Injection because of missing input parameter sanitization
Summary
Multiple improper neutralization of special elements vulnerabilities [CWE-89] used in a command in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.
Affected Products
FortiWeb version 6.3.13 or below is impacted
FortiWeb version 6.2.4 or below is impacted
Solutions
Upgrade to FortiWeb 6.3.14 or above
Upgrade to FortiWeb 6.2.5 or above