Path traversal via unrestricted file upload

Path traversal via unrestricted file upload Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-189 Final 1 1 2023-10-10T00:00:00 Current version 2023-10-10T00:00:00 2025-01-15T00:00:00 A relative path traversal [CWE-23] vulnerability in FortiManager and FortiAnalyzer may allow a remote attacker with low privileges to execute unauthorized code via crafted HTTP requests. None Execute unauthorized code or commands https://fortiguard.fortinet.com/psirt/FG-IR-23-189 Path traversal via unrestricted file upload https://www.synacktiv.com/advisories/fortimanager-multiple-vulnerabilities https://www.synacktiv.com/advisories/fortimanager-multiple-vulnerabilities Fortinet is pleased to thank security researchers Paul BARBE, Antoine CARRINCAZEAUX and Clément AMIC from Synacktiv (https://www.synacktiv.com) for discovering and reporting this vulnerability under responsible disclosure. FortiAnalyzer-BigData 7.2.5 FortiAnalyzer-BigData 7.2.4 FortiAnalyzer-BigData 7.2.3 FortiAnalyzer-BigData 7.2.2 FortiAnalyzer-BigData 7.2.1 FortiAnalyzer-BigData 7.2.0 FortiManager 7.4.0 FortiManager 7.2.3 FortiManager 7.2.2 FortiManager 7.2.1 FortiManager 7.2.0 FortiManager 7.0.8 FortiManager 7.0.7 FortiManager 7.0.6 FortiManager 7.0.5 FortiManager 7.0.4 FortiManager 7.0.3 FortiManager 7.0.2 FortiManager 7.0.1 FortiManager 7.0.0 FortiManager 6.4.12 FortiManager 6.4.11 FortiManager 6.4.10 FortiManager 6.4.9 FortiManager 6.4.8 FortiManager 6.4.7 FortiManager 6.4.6 FortiManager 6.4.5 FortiManager 6.4.4 FortiManager 6.4.3 FortiManager 6.4.2 FortiManager 6.4.1 FortiManager 6.4.0 FortiManager 6.2.11 FortiManager 6.2.10 FortiManager 6.2.9 FortiManager 6.2.8 FortiManager 6.2.7 FortiManager 6.2.6 FortiManager 6.2.5 FortiManager 6.2.4 FortiManager 6.2.3 FortiManager 6.2.2 FortiManager 6.2.1 FortiManager 6.2.0 Path traversal via unrestricted file upload CVE-2023-42791 FortiAnalyzer-BigData-7.2.5 FortiAnalyzer-BigData-7.2.4 FortiAnalyzer-BigData-7.2.3 FortiAnalyzer-BigData-7.2.2 FortiAnalyzer-BigData-7.2.1 FortiAnalyzer-BigData-7.2.0 FortiManager-7.4.0 FortiManager-7.2.3 FortiManager-7.2.2 FortiManager-7.2.1 FortiManager-7.2.0 FortiManager-7.0.8 FortiManager-7.0.7 FortiManager-7.0.6 FortiManager-7.0.5 FortiManager-7.0.4 FortiManager-7.0.3 FortiManager-7.0.2 FortiManager-7.0.1 FortiManager-7.0.0 FortiManager-6.4.12 FortiManager-6.4.11 FortiManager-6.4.10 FortiManager-6.4.9 FortiManager-6.4.8 FortiManager-6.4.7 FortiManager-6.4.6 FortiManager-6.4.5 FortiManager-6.4.4 FortiManager-6.4.3 FortiManager-6.4.2 FortiManager-6.4.1 FortiManager-6.4.0 FortiManager-6.2.11 FortiManager-6.2.10 FortiManager-6.2.9 FortiManager-6.2.8 FortiManager-6.2.7 FortiManager-6.2.6 FortiManager-6.2.5 FortiManager-6.2.4 FortiManager-6.2.3 FortiManager-6.2.2 FortiManager-6.2.1 FortiManager-6.2.0 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-23-189 Path traversal via unrestricted file upload Reference> https://www.synacktiv.com/advisories/fortimanager-multiple-vulnerabilities https://www.synacktiv.com/advisories/fortimanager-multiple-vulnerabilities