Multiple Improper neutralization of special elements used in an os command vulnerabilities [CWE-78] in FortiWLM may allow a remote authenticated attacker with low privilege to execute unauthorized commands via specifically crafted http get request parameters.
FortiWLM version 8.6.5 and below
FortiWLM version 8.5.4 and below
Please upgrade to FortiWLM version 8.6.6 or above
Please upgrade to FortiWLM version 8.5.5 or above
AcknowledgementInternally discovered and reported by Adham El karn of Fortinet Product Security team.
2023-09-29: Initial publication