CVE-2023-23779 Information

Description

Multiple improper neutralization of special elements used in an OS Command (‘OS Command Injection’) vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below 6.4 all versions version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.

Reference

https://fortiguard.com/psirt/FG-IR-22-133