Fortinet FortiPortal SQL Injection Vulnerability Allowing Query Disclosure

Vulnerability

A SQL injection vulnerability has been identified in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8. This vulnerability arises from improper neutralization of special elements used in SQL commands, which may allow an authenticated attacker to view SQL queries being executed on the server side. The issue can be exploited by including special elements in an HTTP request.

Impact

Exploitation of this vulnerability could lead to unauthorized disclosure of SQL queries being executed on the server, potentially allowing attackers to infer sensitive database information or manipulate database queries.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.6

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.6

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiPortal SQL Injection Vulnerability Allowing Query Disclosure

Vulnerability

Impact

Affected Products

Fortinet FortiPortal

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating