Lucene search
PRIOn knowledge basePRION:CVE-2021-32590HistoryAug 04, 2021 - 2:15 p.m.
Command injection
2021-08-0414:15:00
PRIOn knowledge base
www.prio-n.com
2
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular userβs privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fortiportal | ge | 6.0.0 | |
| fortiportal | lt | 6.0.5 | |
| fortiportal | ge | 5.3.0 | |
| fortiportal | lt | 5.3.6 | |
| fortiportal | ge | 5.2.0 | |
| fortiportal | lt | 5.2.6 | |
| fortiportal | ge | 5.1.0 | |
| fortiportal | le | 5.1.2 | |
| fortiportal | ge | 5.0.0 | |
| fortiportal | le | 5.0.3 |
References
Related
cve
cve
CVE-2021-32590
2021-08-04 14:15:08
nvd
nvd
CVE-2021-32590
2021-08-04 14:15:08
cnvd
cnvd
Fortinet FortiPortal SQL Injection Vulnerability
2021-08-04 00:00:00
d0znpp
d0znpp
A1:InjectionβββTop 10 OWASP 2017
2021-09-08 05:24:20
fortinet
fortinet
FortiPortal - Pervasive SQL injections
2021-08-03 00:00:00
cvelist
cvelist
CVE-2021-32590
2021-08-04 13:31:30