An improper neutralization of special elements used in a...
High severity
Unreviewed
Published
Dec 13, 2023
to the GitHub Advisory Database
•
Updated Dec 13, 2023
Description
Published by the National Vulnerability Database
Dec 13, 2023
Published to the GitHub Advisory Database
Dec 13, 2023
Last updated
Dec 13, 2023
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.
References