Description

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to access and modify the filesystem via crafted requests.

Related CPE's

a

fortinet

fortiweb

2

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-474

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-22

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-04-08T12:15:32.857Z

1 year ago

Last modified

2025-07-22T19:23:37.397Z

9 months ago