CVE-2024-31495
CVE-2024-31495
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Produtos afetados
Fortinet · FortiPortalQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →