CVE-2016-8494 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2016-8494

CWE

https://cwe.mitre.org/data/definitions/264.html

Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme.

Affected Software

Name	Vendor	Start Version	End Version
Connect	Fortinet	14.2 (including)	14.2 (including)
Connect	Fortinet	14.10 (including)	14.10 (including)
Connect	Fortinet	15.10 (including)	15.10 (including)
Connect	Fortinet	16.7 (including)	16.7 (including)

References

http://www.securityfocus.com/bid/96159
https://fortiguard.com/advisory/FG-IR-16-080
http://www.securityfocus.com/bid/96159
https://fortiguard.com/advisory/FG-IR-16-080