Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/advisory/FG-IR-21-084 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
11 Aug 2021, 00:11
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : 9.0
v3 : 8.8 |
| CWE | CWE-89 | |
| References | (CONFIRM) https://fortiguard.com/advisory/FG-IR-21-084 - Vendor Advisory |
04 Aug 2021, 14:32
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-08-04 14:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-32590
Mitre link : CVE-2021-32590
CVE.ORG link : CVE-2021-32590
JSON object : View
Products Affected
fortinet
- fortiportal
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')