Known vulnerabilities in Fortinet, Inc FortiWeb 7.0.3

Vendor: Fortinet, Inc

Website: https://www.fortinet.com/

Total Security Bulletins: 30

Security bulletins (30)

Secuity bulletin	Severity	Status	Published
SB2025120952: Authentication bypass in FortiWeb	High	Patched	09.12.2025
SB2025120951: Use of Password Hash Instead of Password for Authentication in FortiWeb	Low	Patched	09.12.2025
SB2025111872: OS Command Injection in FortiWeb	High	Patched Exploited	18.11.2025
SB2025111864: Use of hard-coded redis credentials in FortiWeb	Low	Patched	18.11.2025
SB20251114107: Unauthenticated path traversal in FortiWeb	Critical	Patched Exploited	14.11.2025
SB2025101507: Insertion of Sensitive Information Into Sent Data in Fortinet products	Low	Patched	15.10.2025
SB2025090983: Relative path traversal in FortiWeb	Low	Patched	09.09.2025
SB20250812108: Improper Handling of Parameters in FortiWeb	High	Patched Public exploit	12.08.2025
SB20250812103: OS Command Injection in FortiWeb	Low	Patched	12.08.2025
SB2025070847: SQL injection in FortiWeb	High	Patched Exploited	08.07.2025
SB2025040913: MitM attack in FortiWeb	High	Patched	09.04.2025
SB2025040904: Privilege escalation in FortiWeb	Low	Patched	09.04.2025
SB2025040873: Privilege escalation in FortiWeb	Low	Patched	08.04.2025
SB2025031329: Web application firewall rules bypass in FortiWeb	Medium	Patched	13.03.2025
SB2025031211: Privilege escalation in FortiWeb	Low	Patched	12.03.2025
SB2025031203: Authenticated path traversal in FortiWeb	Low	Patched	12.03.2025
SB20250211157: Two OS command injection vulnerabilities in FortiWeb	Low	Patched	11.02.2025
SB2025012103: Authenticated SQL injection in FortiWeb	Low	Patched	21.01.2025
SB2025011656: Multiple path traversal vulnerabilities in FortiWeb	Medium	Patched	16.01.2025
SB2024111418: Information disclosure in FortiWeb	Low	Patched	14.11.2024
SB20240709122: MitM attack in FortiWeb	Medium	Patched	09.07.2024
SB20240611286: Improper authorization in FortiWeb	Medium	Patched	11.06.2024
SB2024051630: Information disclosure in FortiWeb	Low	Patched	16.05.2024
SB2023121849: Log injection in FortiWeb	Medium	Patched	18.12.2023
SB2023091601: Security restrictions bypass in Fortinet FortiWeb	Medium	Patched	16.09.2023
SB2023070504: Denial of service in multiple Fortinet products firmware upgrade function	Low	Patched	05.07.2023
SB2023041322: Stored XSS in FortiWeb	Medium	Patched	13.04.2023
SB2023041321: Local OS command injection in FortiWeb and FortiADC	Low	Patched	13.04.2023
SB2023021733: Double free in FortiWeb	Low	Patched	17.02.2023
SB2023021678: Improper authorization in FortiWeb	Medium	Patched	16.02.2023