Researchers find high-severity command injection vuln in Fortinet's web app firewall