Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 up to and including 6.0.4, 5.3.0 up to and including 5.3.5, 5.2.0 up to and including 5.2.5, and 4.2.2 and previous versions may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiportal |