all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

FortiManager - Code Injection via Jinja Template

Add to bookmarks
April 9, 2024, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper neutralization of special elements used in a template engine [CWE-1336] vulnerability in FortiManager provisioning templates may allow a local authenticated attacker with at least read-only permissions to execute arbitrary code via specially crafted templates.

arbitrary code attacker code code injection cwe engine fortimanager injection local may permissions special template templates vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS/FortiProxy - XSS in reboot page 6 days, 14 hours ago | fortiguard.fortinet.com
access admin attacker code +18
Stack buffer overflow on bluetooth write feature 6 days, 14 hours ago | fortiguard.fortinet.com
arbitrary code arbitrary code execution attacker bluetooth +14
Blind SQL Injection 6 days, 14 hours ago | fortiguard.fortinet.com
blind command cwe download +8
Buffer overflow in fgfmd 6 days, 14 hours ago | fortiguard.fortinet.com
arbitrary code attacker buffer buffer overflow +15
FortiSOAR is vulnerable to sql injection in Event Auth API via uuid parameter 6 days, 14 hours ago | fortiguard.fortinet.com
api attacker auth code +14
Multiple buffer overflows in diag npu command 6 days, 14 hours ago | fortiguard.fortinet.com
attacker buffer buffer overflow buffer overflows +14
TunnelVision - CVE-2024-3661 6 days, 14 hours ago | fortiguard.fortinet.com
attack attacker aware bypass +18
Weak key derivation for backup file 6 days, 14 hours ago | fortiguard.fortinet.com
access admin attacker backup +14
Buffer overflow in administrative interface 1 month ago | fortiguard.fortinet.com
arbitrary code attacker buffer buffer overflow +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA
View on infosec-jobs.com

Manager Pentest H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Information System Security Officer

@ Parsons Corporation | USA VA Chantilly (Client Site)
View on infosec-jobs.com

Vulnerability Analyst, Mid

@ Booz Allen Hamilton | USA, VA, McLean (8283 Greensboro Dr, Hamilton)
View on infosec-jobs.com

SAP Security and Compliance Auditor

@ Bosch Group | Warszawa, Poland
View on infosec-jobs.com

Head of Product Security (Business team)

@ Zalando | Berlin
View on infosec-jobs.com