A command injection vulnerability exists in Fortinet FortiWLC, a wireless LAN controller from Fortinet, which stems from a failure to properly validate input data in the alert dashboard and controller configuration handler. HTTP requests and execute arbitrary operating system commands on the target system.