FortiWLM - authenticated command injection vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-23-450
Final
1
1
2023-12-12T00:00:00
Current version
2023-12-12T00:00:00
2023-12-07T00:00:00
An Improper neutralization of special elements used in an os command vulnerabilities [CWE-78] in FortiWLM may allow a remote authenticated attacker with low privilege to execute unauthorized commands via specifically crafted http get request parameters.
None
Execute unauthorized code or commands
Fortinet is pleased to thank security researchers Zach Hanley (@hacks_zach) of Horizon3.ai
for discovering and reporting this vulnerability under responsible disclosure.
FortiWLM 8.6.5
FortiWLM 8.6.4
FortiWLM 8.6.3
FortiWLM 8.6.2
FortiWLM 8.6.1
FortiWLM 8.6.0
FortiWLM - authenticated command injection vulnerability
CVE-2023-48782
FortiWLM-8.6.5
FortiWLM-8.6.4
FortiWLM-8.6.3
FortiWLM-8.6.2
FortiWLM-8.6.1
FortiWLM-8.6.0
8.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-23-450
FortiWLM - authenticated command injection vulnerability
Reference>