CVE-2023-36634

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-73
View all →

Vulnerability Description

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.

Related Vulnerabilities

CVE-2020-25161

HIGH
CVSS:8.8(High)

The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administ...

CWE-732020

CVE-2021-3626

HIGH
CVSS:8.8(High)

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege es...

CWE-732021

CVE-2022-2431

HIGH
CVSS:8.8(High)

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles...

CWE-732022

CVE-2022-31739

HIGH
CVSS:8.8(High)

When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %...

CWE-732022

CVE-2023-35985

HIGH
CVSS:8.8(High)

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted mal...

CWE-732023

CVE-2023-36764

HIGH
CVSS:8.8(High)

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CWE-732023