A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fortiweb | Fortinet | 6.3.6 (including) | 6.3.23 (including) |
| Fortiweb | Fortinet | 6.4.0 (including) | 6.4.3 (including) |
| Fortiweb | Fortinet | 7.0.0 (including) | 7.0.6 (including) |
| Fortiweb | Fortinet | 7.2.0 (including) | 7.2.1 (including) |