An improper neutralization of special elements used in an OS command (‘OS Command Injection’) [CWE-78] vulnerability in FortiWLM may allow an authenticated attacker to execute arbitrary shell commands via crafted HTTP requests to the alarm dashboard and controller config handlers.