Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/advisory/FG-IR-21-084 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2021-08-04T13:31:30
Updated: 2024-08-03T23:25:30.415Z
Reserved: 2021-05-11T00:00:00
Link: CVE-2021-32590
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-08-04T14:15:08.200
Modified: 2021-08-11T00:11:43.947
Link: CVE-2021-32590
Redhat
No data.