Vulnerabilities > Fortinet > Fortiportal > 4.2.1

DATE CVE VULNERABILITY TITLE RISK
2021-08-04 CVE-2021-36168 Path Traversal vulnerability in Fortinet Fortiportal
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values.
network
low complexity
fortinet CWE-22
6.5
6.5
2021-08-04 CVE-2021-32590 SQL Injection vulnerability in Fortinet Fortiportal
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests.
network
low complexity
fortinet CWE-89
8.8
8.8
2021-08-04 CVE-2021-32594 Unrestricted Upload of File with Dangerous Type vulnerability in Fortinet Fortiportal
An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files.
network
low complexity
fortinet CWE-434
8.1
8.1