Command injection in webserver Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-254 Final 1 1 2023-03-07T00:00:00 Current version 2023-03-07T00:00:00 2023-03-07T00:00:00 An improper neutralization of special elements used in an OS command vulnerability ('OS Command Injection') [CWE-78] in FortiWeb may allow authenticated users to execute unauthorized code or commands via specifically crafted HTTP requests. None Execute unauthorized code or commands Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security Team FortiWeb 7.0.2 FortiWeb 7.0.1 FortiWeb 7.0.0 FortiWeb 6.4.3 FortiWeb 6.4.2 FortiWeb 6.4.1 FortiWeb 6.4.0 FortiWeb 6.3.20 FortiWeb 6.3.19 FortiWeb 6.3.18 FortiWeb 6.3.17 FortiWeb 6.3.16 FortiWeb 6.3.15 FortiWeb 6.3.14 FortiWeb 6.3.13 FortiWeb 6.3.12 FortiWeb 6.3.11 FortiWeb 6.3.10 FortiWeb 6.3.9 FortiWeb 6.3.8 FortiWeb 6.3.7 FortiWeb 6.3.6 CVE-2022-39951 FortiWeb-7.0.2 FortiWeb-7.0.1 FortiWeb-7.0.0 FortiWeb-6.4.3 FortiWeb-6.4.2 FortiWeb-6.4.1 FortiWeb-6.4.0 FortiWeb-6.3.20 FortiWeb-6.3.19 FortiWeb-6.3.18 FortiWeb-6.3.17 FortiWeb-6.3.16 FortiWeb-6.3.15 FortiWeb-6.3.14 FortiWeb-6.3.13 FortiWeb-6.3.12 FortiWeb-6.3.11 FortiWeb-6.3.10 FortiWeb-6.3.9 FortiWeb-6.3.8 FortiWeb-6.3.7 FortiWeb-6.3.6 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-254 Command injection in webserver Reference>