2021-08-04 13:31:30
fortinet
PUBLISHED
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular users privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests.