Vulnerabilities > Fortinet > Fortiportal > 7.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-35278 | SQL Injection vulnerability in Fortinet Fortiportal A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request. | 4.3 |
| 2024-07-09 | CVE-2024-21759 | Unspecified vulnerability in Fortinet Fortiportal An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. | 4.3 |
| 2024-06-11 | CVE-2024-31495 | Unspecified vulnerability in Fortinet Fortiportal A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality. | 2.7 |
| 2024-05-14 | CVE-2024-23105 | Unspecified vulnerability in Fortinet Fortiportal A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets. | 7.5 |
| 2024-03-12 | CVE-2024-21761 | Unspecified vulnerability in Fortinet Fortiportal An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload. | 4.3 |
| 2024-01-10 | CVE-2023-46712 | Unspecified vulnerability in Fortinet Fortiportal A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests. | 8.8 |
| 2024-01-10 | CVE-2023-48783 | Unspecified vulnerability in Fortinet Fortiportal An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests. | 5.4 |
| 2023-12-13 | CVE-2023-48791 | Command Injection vulnerability in Fortinet Fortiportal An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field. | 8.8 |