CVE-2023-42784

Published Mar 11, 2025

Last updated 2 months ago

CVSS medium 5.6

Overview

Description: An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.
Source: psirt@fortinet.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.6
Impact score: 3.4
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM

Weaknesses

psirt@fortinet.com: CWE-228

Hype score: Not currently trending

CVE-2023-42784 An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 al… https://t.co/U8laPICZ9u
@CVEnew
11 Mar 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References

Sources include official advisories and independent security research.