Arbitrary file delete on endpoint

Fortiguard Security Advisory

An improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability [CWE-22] in FortiSandbox may allow an authenticated attacker with at least read-only permission to delete arbitrary files via crafted HTTP requests.


Leave a Reply

Your email address will not be published. Required fields are marked *