Fortinet

Fortiweb

115 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-55594

  • EPSS 0.14%
  • Veröffentlicht 14.03.2025 16:25:33
  • Zuletzt bearbeitet 24.07.2025 20:14:38

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.

7.2

CVE-2022-29059

  • EPSS 0.09%
  • Veröffentlicht 14.03.2025 15:45:33
  • Zuletzt bearbeitet 24.07.2025 20:01:42

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL comm...

7.2

CVE-2024-45324

  • EPSS 0.1%
  • Veröffentlicht 11.03.2025 14:54:33
  • Zuletzt bearbeitet 24.07.2025 19:06:14

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7....

9.8

CVE-2023-42784

  • EPSS 0.14%
  • Veröffentlicht 11.03.2025 14:54:28
  • Zuletzt bearbeitet 22.07.2025 21:22:27

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.

7.2

CVE-2024-55597

  • EPSS 0.3%
  • Veröffentlicht 11.03.2025 14:54:26
  • Zuletzt bearbeitet 24.07.2025 18:47:34

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests.

7.2

CVE-2024-50569

  • EPSS 0.31%
  • Veröffentlicht 11.02.2025 17:15:23
  • Zuletzt bearbeitet 22.07.2025 21:38:12

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.

7.2

CVE-2024-50567

  • EPSS 0.41%
  • Veröffentlicht 11.02.2025 17:15:22
  • Zuletzt bearbeitet 22.07.2025 21:37:44

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.

9.1

CVE-2024-48885

  • EPSS 0.08%
  • Veröffentlicht 16.01.2025 09:15:06
  • Zuletzt bearbeitet 14.01.2026 13:16:09

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoic...

2.7

CVE-2024-55593

  • EPSS 0.12%
  • Veröffentlicht 14.01.2025 14:15:34
  • Zuletzt bearbeitet 03.02.2025 22:06:19

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries

9.1

CVE-2024-48884

  • EPSS 0.57%
  • Veröffentlicht 14.01.2025 14:15:32
  • Zuletzt bearbeitet 14.01.2026 13:16:08

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 throug...