CVE-2024-35278 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.…
Medium CVSS: 4.3

CVE-2024-35278

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request.
Vendor
Fortinet
Product
Fortiportal
CWE
CWE-89
Yayın Tarihi
2025-01-14 14:15:30
Güncelleme
2025-01-31 17:09:31
Source Identifier
psirt@fortinet.com
KEV Date Added
-

Kategoriler

CWE-89 Fortiportal MEDIUM Fortinet 2025

Referanslar

https://fortiguard.fortinet.com/psirt/FG-IR-24-086