Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-23777: Fortiguard

An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters.

CVE
Open in Source
#vulnerability#web

** PSIRT Advisories**

FortiWeb - Command injection in CLI backup functionality

Summary

An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiWeb may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters.

Affected Products

FortiWeb version 7.0.0 through 7.0.1
FortiWeb version 6.3.6 through 6.3.18
FortiWeb 6.4 all versions

Solutions

Please upgrade to FortiWeb version 7.0.2 or above
Please upgrade to FortiWeb version 6.3.19 or above

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE