CVE-2024-31495 Information

Jun 12, 2024 cve

Description

A improper neutralization of special elements used in an sql command (‘sql injection’) in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality.

Reference

https://fortiguard.fortinet.com/psirt/FG-IR-24-128

Share on: