erberkan

2 exploits, active since Feb 2021
CVE-2021-3378 NOMISEC CRITICAL WORKING POC
FortiLogger < 5.2.0 - Arbitrary File Upload via Hotspot Logo Upload
FortiLogger 4.4.2.2 is affected by arbitrary file upload, triggered by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
22 stars
CVSS 9.8
CVE-2021-27963 NOMISEC HIGH WORKING POC
SonLogger < 6.4.1 - Unauthenticated User Creation with Arbitrary Permissions via /User/saveUser
SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.
1 star
CVSS 8.2