Fortinet FortiWeb < 5.2.0 Multiple XSRF Vulnerabilities
Medium Nessus Plugin ID 74105
Synopsis
The remote host is affected by multiple cross-site request forgery vulnerabilities.

Description
The remote host is running a version of FortiWeb prior to 5.2.0. It is, therefore, affected by multiple cross-site request forgery (XSRF) vulnerabilities in the web UI due to a lack of XSRF token protection. A remote, unauthenticated attacker could potentially exploit this vulnerability to perform administrative actions.

Solution
Upgrade to Fortinet FortiWeb 5.2.0 or later.