CVE-2024-31495
CVE-2024-31495
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Productos afectados
Fortinet · FortiPortal¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →