CVE-2023-48791: An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version...

7.9 CVSS

Description

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.

Classification

CVE ID: CVE-2023-48791

CVSS Base Severity: HIGH

CVSS Base Score: 7.9

Affected Products

Vendor: Fortinet

Product: FortiPortal

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.18% (probability of being exploited)

EPSS Percentile: 55.25% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://fortiguard.com/psirt/FG-IR-23-425

Timeline

2024-12-03 00:11:36 UTC
CVE

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version...