CVE-2023-34990

CRITICAL NUCLEI

Fortinet Fortiwlm < 8.5.5 - Code Injection

Title source: rule

Description

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.

Nuclei Templates (1)

FortiWLM - Directory Traversal

CRITICALby DhiyaneshDk

Shodan: title:"FortiWLM Login"

References (1)

[Vendor Advisory] https://fortiguard.com/psirt/FG-IR-23-144

Scores

CVSS v3 9.8

EPSS 0.5269

EPSS Percentile 97.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-94 CWE-23

Status published

Affected Products (1)

fortinet/fortiwlm < 8.5.5

Timeline

Published Dec 18, 2024

Tracked Since Feb 18, 2026