Fortinet

FortiWeb

111 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.25%
  • Published 11.03.2025 14:54:26
  • Last modified 24.07.2025 18:47:34

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted requests.

  • EPSS 0.25%
  • Published 11.02.2025 17:15:23
  • Last modified 22.07.2025 21:38:12

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted input.

  • EPSS 0.33%
  • Published 11.02.2025 17:15:22
  • Last modified 22.07.2025 21:37:44

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted input.

  • EPSS 0.08%
  • Published 16.01.2025 09:15:06
  • Last modified 24.09.2025 15:25:58

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6....

  • EPSS 0.12%
  • Published 14.01.2025 14:15:34
  • Last modified 03.02.2025 22:06:19

An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows an attacker to gain information disclosure via crafted SQL queries.

  • EPSS 0.57%
  • Published 14.01.2025 14:15:32
  • Last modified 08.08.2025 16:00:27

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0...

  • EPSS 0.03%
  • Published 14.01.2025 14:15:28
  • Last modified 24.07.2025 19:59:23

A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack prote...

  • EPSS 0.03%
  • Published 12.11.2024 19:15:10
  • Last modified 14.11.2024 20:33:44

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authen...

  • EPSS 0.2%
  • Published 09.07.2024 16:15:05
  • Last modified 21.11.2024 09:17:02

An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tam...

  • EPSS 0.27%
  • Published 03.06.2024 10:15:12
  • Last modified 17.12.2024 16:43:37

Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unautho...