An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters.
FortiWeb version 7.0.0 through 7.0.1
FortiWeb version 6.3.6 through 6.3.18
FortiWeb 6.4 all versions
Please upgrade to FortiWeb version 7.0.2 or above
Please upgrade to FortiWeb version 6.3.19 or above