Vulnerabilities > Fortinet > Fortiportal > 7.0.4

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2024-35278 SQL Injection vulnerability in Fortinet Fortiportal
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request.
network
low complexity
fortinet CWE-89
4.3
2024-07-09 CVE-2024-21759 Unspecified vulnerability in Fortinet Fortiportal
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests.
network
low complexity
fortinet
4.3
2024-06-11 CVE-2024-31495 Unspecified vulnerability in Fortinet Fortiportal
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality.
network
low complexity
fortinet
2.7
2024-05-14 CVE-2024-23105 Unspecified vulnerability in Fortinet Fortiportal
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.
network
high complexity
fortinet
7.5
2024-03-12 CVE-2024-21761 Unspecified vulnerability in Fortinet Fortiportal
An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload.
network
low complexity
fortinet
4.3
2024-01-10 CVE-2023-46712 Unspecified vulnerability in Fortinet Fortiportal
A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests.
network
low complexity
fortinet
8.8
2024-01-10 CVE-2023-48783 Unspecified vulnerability in Fortinet Fortiportal
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests.
network
low complexity
fortinet
5.4
2023-12-13 CVE-2023-48791 Command Injection vulnerability in Fortinet Fortiportal
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.
network
low complexity
fortinet CWE-77
8.8