An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem.
FortiWeb 6.4.1 and below.
FortiWeb 6.3.15 and below.
FortiWeb 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x.
Please upgrade to FortiWeb 6.4.2 or above.
Please upgrade to FortiWeb 6.3.16 or above.