An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.
Please upgrade to FortiWeb version 7.0.5 or above. Please upgrade to FortiWeb version 7.2.0 or above.