FortiWLM - Authenticated command injection vulnerability


Multiple Improper neutralization of special elements used in an os command vulnerabilities [CWE-78] in FortiWLM may allow a remote authenticated attacker with low privilege to execute unauthorized commands via specifically crafted http get request parameters.

Affected Products

FortiWLM version 8.6.5 and below
FortiWLM version 8.5.4 and below


Please upgrade to FortiWLM version 8.6.6 or above
Please upgrade to FortiWLM version 8.5.5 or above


Internally discovered and reported by Adham El karn of Fortinet Product Security team.


2023-09-29: Initial publication