CNNVD-202511-2017 Information
CNNVD ID
CNNVD-202511-2017
Related CVE
- CNNVD Published: 2025-11-18
Description (Chinese)
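Fortinet FortiWeb is a web application firewall from Fortinet, a US company. It blocks threats such as cross-site scripting, SQL injection, cookie poisoning and schema poisoning, securing web applications and protecting sensitive database content. Fortinet FortiWeb contains a security vulnerability caused by improper neutralization of OS commands, which may lead to arbitrary code execution. The following versions are affected: 8.0.0 through 8.0.1, 7.6.0 through 7.6.5, 7.4.0 through 7.4.10, 7.2.0 through 7.2.11 and 7.0.0 through 7.0.11.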
Description (English)
Fortinet FortiWeb is a web application firewall from Fortinet, a US company, that blocks attacks such as cross-site scripting, SQL injection, cookie poisoning and schema poisoning, securing web applications and protecting sensitive database content. Fortinet FortiWeb has a security vulnerability that stems from improper neutralization of OS commands and could lead to arbitrary code execution. The following versions are affected: 8.0.0 to 8.0.1, 7.6.0 to 7.6.5, 7.4.0 to 7.4.10, 7.2.0 to 7.2.11 and 7.0.0 to 7.0.11.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Fortinet (飞塔)
Published
2025-11-18
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-513
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-58034
https://access.redhat.com/security/cve/cve-2025-58034
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-25-513