CVE-2024-50569

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 7.0.0 through 7.6.0

Description: The issue exists due to the improper neutralization of special elements used in an os command, which can be exploited by an attacker to execute unauthorized code or commands via crafted input. This can allow a remote attacker to execute arbitrary commands or code by sending specially crafted requests.

Recommendations: For FortiWeb versions 7.0.0 through 7.6.0, consider disabling the vulnerable os command injection functionality until a patch is available. Restrict access to the system to minimize the risk of exploitation. Avoid using specially crafted input that could trigger the os command injection vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.