SQL Injection Vulnerability in Fortinet FortiPortal Affects Multiple Versions
CVE-2024-35278
Currently unrated
Summary
An improper neutralization of special elements used in SQL commands in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 permits authenticated attackers to manipulate HTTP requests, potentially revealing executed SQL queries on the server side. This vulnerability emphasizes the need for secure coding practices to mitigate SQL injection risks and to protect sensitive data from unauthorized access.
References
Timeline
Vulnerability published