Multiple improper neutralization of special elements vulnerabilities [CWE-89] used in a command in FortiWeb may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.
FortiWeb version 6.3.13 or below is impacted
FortiWeb version 6.2.4 or below is impacted
Upgrade to FortiWeb 6.3.14 or above
Upgrade to FortiWeb 6.2.5 or above