CVE-2024-35278: An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and...

4.1 CVSS

Description

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request.

Classification

CVE ID: CVE-2024-35278

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.1

Affected Products

Vendor: Fortinet

Product: FortiPortal

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 16.23% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-12 (date this score was calculated)

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-086

Timeline