Shodan
Vulnerabilities
Vulnerable Software
Fortinet:  >> Fortiweb  >> 7.4.7  Security Vulnerabilities
CVE-2025-52970
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.
CVSS Score
8.1
EPSS Score
0.003
Published
2025-08-12
CVE-2025-32766
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands
CVSS Score
6.4
EPSS Score
0.0
Published
2025-08-12
CVE-2025-47857
A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-08-12
CVE-2025-27759
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI commands
CVSS Score
6.7
EPSS Score
0.0
Published
2025-08-12
CVE-2025-25257
Known exploited
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
CVSS Score
9.8
EPSS Score
0.477
Published
2025-07-17
CVE-2024-55593
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries
CVSS Score
2.7
EPSS Score
0.001
Published
2025-01-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved