CVE-2021-22123
HIGH
Fortinet Fortiweb < 6.2.4 - OS Command Injection
Title source: ruleDescription
An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.
Exploits (1)
Scores
CVSS v3
7.6
EPSS
0.8050
EPSS Percentile
99.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Details
CWE
CWE-78
Status
published
Products (1)
fortinet/fortiweb
5.9.0 - 6.2.4
Published
Jun 01, 2021
Tracked Since
Feb 18, 2026