Fortinet FortiWeb cgi_xmlprotection_xmlschemafile_post Directory Traversal Arbitrary File Write Vulnerability (CVE-2024-55597)
CVE number: CVE-2024-55597
This vulnerability allows remote attackers to create arbitrary XML schema files on affected installations of Fortinet FortiWeb.
Authentication is required to exploit this vulnerability.
The specific flaw exists within the cgi_xmlprotection_xmlschemafile_post function.
The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations.
An attacker can leverage this vulnerability to create XML schema files in the context of root.
Further information – https://fortiguard.com/psirt/FG-IR-24-439
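
The advisory attributes the flaw to a user-supplied path reaching file operations without validation. The following is an added example of that check on the defensive side; it is not Fortinet's code, and the function names, the `.xsd` extension policy, and the length limit are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* openat, O_NOFOLLOW, O_DIRECTORY */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Accept only a single path component: [A-Za-z0-9_.-]+ ending in ".xsd"
 * (extension policy is an assumption), no leading dot, no ".." anywhere. */
int schema_name_ok(const char *name) {
    size_t n = name ? strlen(name) : 0;
    if (n < 5 || n > 64 || name[0] == '.') return 0;
    if (strcmp(name + n - 4, ".xsd") != 0) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.';
        if (!ok) return 0;   /* rejects '/', '\\', spaces, control bytes */
    }
    return strstr(name, "..") == NULL;
}

/* Create the schema file strictly inside base_dir. Returns an fd or -1. */
int schema_create(const char *base_dir, const char *name) {
    if (!schema_name_ok(name)) return -1;   /* validate before any file op */
    int dfd = open(base_dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0) return -1;
    /* openat() resolves name relative to dfd; O_EXCL refuses to overwrite an
     * existing file, O_NOFOLLOW refuses a symlink as the final component. */
    int fd = openat(dfd, name,
                    O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0640);
    close(dfd);
    return fd;
}

int main(void) {
    /* Constructed sample names, not taken from the advisory. */
    const char *samples[] = { "orders.xsd", "../../tmp/x.xsd", "a/b.xsd",
                              "..xsd", "orders.xsd.sh", "a..b.xsd" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-18s %s\n", samples[i],
               schema_name_ok(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Running the handler under an unprivileged account rather than root would further limit what a bypass of the name check could write.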

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional, with an interest in computer security and telecoms.