Vulnerabilities > Fortinet > Fortiportal > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-10 | CVE-2023-46712 | Improper Access Control vulnerability in Fortinet Fortiportal A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests. | 8.8 |
| 2023-12-13 | CVE-2023-48791 | Command Injection vulnerability in Fortinet Fortiportal An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field. | 8.8 |
| 2022-04-06 | CVE-2021-26104 | OS Command Injection vulnerability in Fortinet Fortianalyzer, Fortimanager and Fortiportal Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters. | 7.2 |
| 2019-03-25 | CVE-2017-7342 | Improper Input Validation vulnerability in Fortinet Fortiportal A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button | 7.5 |