Vulnerabilities > CVE-2024-31495 - Unspecified vulnerability in Fortinet Fortiportal

CVSS 2.7 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

fortinet

NVD

Published: 2024-06-11

Updated: 2025-01-02

Summary

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality.

Vulnerable Configurations

Part	Description	Count
Application	Fortinet Fortinet Fortiportal 7.2.0 Fortinet Fortiportal 7.0.0 Fortinet Fortiportal 7.0.1 Fortinet Fortiportal 7.0.2 Fortinet Fortiportal 7.0.3 Fortinet Fortiportal 7.0.4 Fortinet Fortiportal 7.0.5 Fortinet Fortiportal 7.0.6	8

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-128
https://fortiguard.fortinet.com/psirt/FG-IR-24-128