Fortinet

Fortiweb

107 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-26013

Media report
  • EPSS 0.07%
  • Published 08.04.2025 14:15:30
  • Last modified 25.07.2025 15:22:20

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy vers...

9.8

CVE-2023-25610

Warning
  • EPSS 23.08%
  • Published 24.03.2025 15:39:48
  • Last modified 24.07.2025 19:56:34

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 t...

9.8

CVE-2024-55594

  • EPSS 0.11%
  • Published 14.03.2025 16:25:33
  • Last modified 24.07.2025 20:14:38

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.

7.2

CVE-2022-29059

  • EPSS 0.05%
  • Published 14.03.2025 15:45:33
  • Last modified 24.07.2025 20:01:42

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL comm...

7.2

CVE-2024-45324

  • EPSS 0.05%
  • Published 11.03.2025 14:54:33
  • Last modified 24.07.2025 19:06:14

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7....

9.8

CVE-2023-42784

  • EPSS 0.13%
  • Published 11.03.2025 14:54:28
  • Last modified 22.07.2025 21:22:27

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.

7.2

CVE-2024-55597

  • EPSS 0.21%
  • Published 11.03.2025 14:54:26
  • Last modified 24.07.2025 18:47:34

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests.

7.2

CVE-2024-50569

  • EPSS 0.15%
  • Published 11.02.2025 17:15:23
  • Last modified 22.07.2025 21:38:12

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.

7.2

CVE-2024-50567

  • EPSS 0.2%
  • Published 11.02.2025 17:15:22
  • Last modified 22.07.2025 21:37:44

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.

9.1

CVE-2024-48885

  • EPSS 0.05%
  • Published 16.01.2025 09:15:06
  • Last modified 24.09.2025 15:25:58

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6....