Fortinet FortiWeb < 5.2.0 Multiple XSRF Vulnerabilities
Medium Nessus Plugin ID 74105
Synopsis
The remote host is affected by multiple cross-site request forgery vulnerabilities.
Description
The remote host is running a version of FortiWeb prior to 5.2.0. It is, therefore, affected by multiple cross-site request forgery (XSRF) vulnerabilities in the web UI due to a lack of XSRF token protection. A remote, unauthenticated attacker could potentially exploit these vulnerabilities to perform administrative actions.
Solution
Upgrade to Fortinet FortiWeb 5.2.0 or later.