CVE-2023-23779

Name of the Vulnerable Software and Affected Versions FortiWeb versions 7.0.1 and below FortiWeb version 6.4 and all versions FortiWeb version 6.3.19 and below

Description The issue is related to improper neutralization of special elements used in an OS Command, which may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. Exploitation of this issue can enable a remote attacker to execute arbitrary code by sending specially crafted HTTP requests.

Recommendations For FortiWeb versions 7.0.1 and below, update to a version above 7.0.1 to resolve the issue. For FortiWeb version 6.4 and all versions, consider disabling the vulnerable functionality until a patch is available. For FortiWeb version 6.3.19 and below, update to a version above 6.3.19 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable module to minimize the risk of exploitation.