CVEs-PoC/2018/CVE-2018-13382.md

### [CVE-2018-13382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13382)
![](https://img.shields.io/static/v1?label=Product&message=Fortinet%20FortiOS%2C%20FortiProxy&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Control&color=brighgreen)

### Description

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/GhostTroops/TOP
- https://github.com/JERRY123S/all-poc
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/SexyBeast233/SecBooks
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/dhn/exploits
- https://github.com/hktalent/TOP
- https://github.com/jam620/forti-vpn
- https://github.com/jbmihoub/all-poc
- https://github.com/milo2012/CVE-2018-13382
- https://github.com/tumikoto/Exploit-FortinetMagicBackdoor
- https://github.com/tumikoto/exploit-fortinetmagicbackdoor
- https://github.com/ugur-ercan/exploit-collection
- https://github.com/weeka10/-hktalent-TOP