CVE-2024-48889 Information

Description

An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiManager version 7.6.0 version 7.4.4 and below version 7.2.7 and below version 7.0.12 and below version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below version 7.2.7 to 7.2.1 version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.

Reference

https://fortiguard.fortinet.com/psirt/FG-IR-24-425