PSIRT Advisories
FortiWLM - Command injection in script handlers
Summary
An improper neutralization of special elements used in an OS command vulnerability ('OS Command Injection') [CWE-78] in FortiWLM may allow an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests to various controllers.
Affected Products
FortiWLM version 8.6.1 and below are impacted.
Solutions
Upgrade to FortiWLM version 8.6.2 or earlier.