CVE-2024-50569

Summary

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb7.6.0affected
FortinetFortiWeb7.4.0 <= 7.4.5affected
FortinetFortiWeb7.2.0 <= 7.2.10affected
FortinetFortiWeb7.0.0 <= 7.0.10affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References