CVE-2021-22123

HIGH

FortiWeb 5.9.x through 6.3.7 - Authenticated OS Command Injection via SAML Server Configuration Page

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-22123, a PoC published by murataydemir.

AI-analyzed exploit summary: The repository contains a functional proof-of-concept exploit for CVE-2021-22123, an authenticated OS command injection vulnerability in Fortinet FortiWeb. The exploit uses the SAML server configuration page to execute arbitrary commands as root by placing shell command substitution (backticks) in the 'name' field.

Description

An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.
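The mechanism the description and the exploit summary refer to, shown as an added illustration that is not FortiWeb's code and not the PoC author's: a hypothetical configuration handler that interpolates the SAML server 'name' field into a shell command string, beside a hardened form, plus a small check for spotting shell syntax in that field when reviewing request captures or audit logs. The backend command ('echo' here), the allowlist regex, the function names and the sample values are assumptions; the page does not disclose the endpoint, parameter names, or the command the appliance really runs.

```python
"""Illustrative CWE-78 pattern behind CVE-2021-22123 (not FortiWeb's code).

Hypothetical stand-in: an administrator-supplied 'name' for a SAML server
entry is interpolated into a shell command string. Shell command
substitution in that field (backticks, as in the public PoC, or $(...))
then executes with the privileges of the management daemon.
"""
import re
import subprocess

# Constructed sample inputs (not captured from a real device).
LEGIT_NAME = "corp-idp"
INJECTED_NAME = "idp`echo INJECTED`"          # backtick substitution, as in the PoC
INJECTED_NAME_DOLLAR = "idp$(echo INJECTED)"  # equivalent POSIX form


def register_saml_server_vulnerable(name: str) -> str:
    """Vulnerable pattern: the raw name lands in a string that /bin/sh parses.

    'echo' stands in for whatever backend command the appliance really runs;
    the page does not say what that command is.
    """
    cmd = f"echo saml-server-added: {name}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout.strip()


# Hypothetical allowlist for a SAML server name: validate against what the
# field legitimately needs rather than blocklisting metacharacters.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,35}")


def register_saml_server_hardened(name: str) -> str:
    """Hardened pattern: validate the field, then pass it as one argv element.

    With shell=False nothing re-parses the value, so backticks, $(...), ';'
    or '|' inside it can no longer become commands.
    """
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid SAML server name: {name!r}")
    proc = subprocess.run(["echo", "saml-server-added:", name],
                          capture_output=True, text=True)
    return proc.stdout.strip()


# Review aid: shell metacharacters that have no business in a SAML server
# name. Useful when going through audit logs or request captures of the
# SAML server configuration page on an appliance in the affected range.
SHELL_META_RE = re.compile(r"[`;|&<>]|\$\(")


def looks_like_command_injection(field_value: str) -> bool:
    """True when a configuration field value carries shell command syntax."""
    return SHELL_META_RE.search(field_value) is not None


if __name__ == "__main__":
    print(register_saml_server_vulnerable(INJECTED_NAME))  # substitution ran
    print(register_saml_server_hardened(LEGIT_NAME))
    for value in (LEGIT_NAME, INJECTED_NAME, INJECTED_NAME_DOLLAR):
        print(f"{value!r}: injection-like={looks_like_command_injection(value)}")
```

The vulnerable function returns "saml-server-added: idpINJECTED" for the backtick input because the shell ran the embedded command before 'echo' ever saw it; the hardened function rejects the same input and, for a legitimate name, never hands the value to a shell at all. The metacharacter check is for triage of logs and captures, not a substitute for the fix: the remediation for an affected appliance is the upgrade named in the vendor advisory.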

Exploits (1)

murataydemir/CVE-2021-22123 (working PoC, 6 GitHub stars, indexed from nomisec)
https://github.com/murataydemir/CVE-2021-22123

Classification
Working PoC (confidence 100%)
Attack type: RCE
Complexity: trivial
Reliability: reliable
Target: Fortinet FortiWeb 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x (the ranges given in the vendor description)
Authentication: required
Prerequisites: authenticated access to the FortiWeb management interface
Analyzed by devstral-2, Feb 18, 2026

References (1)

Vendor advisory (x_refsource_confirm): https://fortiguard.com/advisory/FG-IR-20-120

Scores

CVSS v3.1 base score: 7.6 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Attack vector: Network
EPSS: 0.7727 (estimated probability of exploitation in the next 30 days), percentile 99.5%

CISA SSVC (Vulnrichment)

Exploitation: none
Automatable: no
Technical impact: partial

The SSVC values are CISA's enrichment-time assessment; the "Exploitation: none" decision point was not updated for the public PoC tracked above, so treat the EPSS score and the tracked exploit as the current exploitability signal.

Details

CWE: CWE-78 (Improper Neutralization of Special Elements used in an OS Command)
Status: published
Products (1): fortinet/fortiweb 5.9.0 - 6.2.3 and 6.3.0 - 6.3.7 (per the vendor description above)
Published: Jun 01, 2021
Tracked since: Feb 18, 2026