Fortinet has fixed a high-severity vulnerability affecting its FortiWeb web application firewall (WAF) A remote, authenticated attacker can exploit it to execute arbitrary commands via the SAML server configuration page. The flaw received a CVSSv3 score of 7.4 and the company addressed the issue with the release of Fortinet versions 6.3.8 and 6.2.4. The successful exploitation could potentially lead to a complete takeover of the server. The vulnerability was discovered by cybersecurity firm Positive Technologies.”]
Source: https://securityaffairs.co/wordpress/119387/security/fortinet-fortiweb-waf-flaw.html