CNNVD-202511-1746 Information
CNNVD ID
CNNVD-202511-1746
Related CVE
- CNNVD Published: 2025-11-14
Description (Chinese)
Fortinet FortiWeb是美国飞塔(Fortinet)公司的一款Web应用层防火墙,它能够阻断如跨站点脚本、SQL注入、Cookie中毒、schema中毒等攻击的威胁,保证Web应用程序的安全性并保护敏感的数据库内容。 Fortinet FortiWeb 8.0.0版本至8.0.1版本、7.6.0版本至7.6.4版本、7.4.0版本至7.4.9版本、7.2.0版本至7.2.11版本和7.0.0版本至7.0.11版本存在安全漏洞,该漏洞源于相对路径遍历,可能导致执行管理命令。
Description (English)
Fortinet FortiWeb, a fireproof wall for the Fortinet application of the United States, can disrupt the threat of attacks such as cross-site scripts, SQL injections, Cookie poisoning and schema poisoning, ensure the safety of Web applications and protect sensitive database content. There is a security gap between Fortinet FortiWeb version 8.0.0 to version 8.0.1, 7.6.0 to version 7.6.4, 7.4.0 to version 7.4.9, 7.2.0 to version 7.2.11 and 7.0.0 to version 7.011, which stems from a history of relative paths that may lead to the execution of management orders.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
飞塔
Published
2025-11-14
Last Modified
2026-02-24
References
https://github.com/watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass https://fortiguard.fortinet.com/psirt/FG-IR-25-910 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-64446 https://access.redhat.com/security/cve/cve-2025-64446 https://cxsecurity.com/issue/WLB-2025110012
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-25-910
Share on: