An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
Published: 2019-06-04
CVSS: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Download CVE-2018-13379 POC (Proof-of-Concept) here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
https://connollyfinan.ie/poc-251-cve-2025-55184/
https://connollyfinan.ie/poc-87-cve-2024-30362/
https://connollyfinan.ie/poc-248-cve-2021-34527/