Unpatched Remote Hacking Flaw Disclosed in Fortinet’s FortiWeb WAF

Details have emerged about a new unpatched security vulnerability in Fortinet’s web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system.
“An OS command injection vulnerability in FortiWeb’s management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands