A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request.
CVE ID: CVE-2024-35278
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.1
Vendor: Fortinet
Product: FortiPortal
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 16.23% (scored less or equal to compared to others)
EPSS Date: 2025-02-12 (when was this score calculated)