CVE-2023-23778

A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-22-142 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*

History

28 Feb 2023, 19:56

Type Values Removed Values Added
New CVE

Information

Published : 2023-02-16 19:15

Updated : 2024-02-04 23:14


NVD link : CVE-2023-23778

Mitre link : CVE-2023-23778

CVE.ORG link : CVE-2023-23778


JSON object : View

Products Affected

fortinet

  • fortiweb
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-23

Relative Path Traversal