Multiple command injection vulnerabilities [CWE-78] in the command line interpreter of FortiWeb may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments.
FortiWeb 6.4.1 and earlier.
FortiWeb 6.3.15 and earlier.
FortiWeb 6.2.5 and earlier.
FortiWeb 6.1.2 and earlier.
Upgrade to FortiWeb 7.0.0 and later.
Upgrade to FortiWeb 6.4.2 and later.
Upgrade to FortiWeb 6.3.16 and later.