FortiWeb - command injection in webserver
An improper neutralization of special elements used in an OS command vulnerability ('OS Command Injection') [CWE-78] in FortiWeb may allow authenticated users to execute unauthorized code or commands via specifically crafted HTTP requests.
Affected ProductsFortiWeb version 7.0.0 through 7.0.2
FortiWeb version 6.3.6 through 6.3.20
FortiWeb 6.4 all versions
SolutionsPlease upgrade to FortiWeb version 7.2.0 or above
Please upgrade to FortiWeb version 7.0.3 or above
Please upgrade to FortiWeb version 6.3.21 or above