CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2023-48791
https://notcve.org/view.php?id=CVE-2023-48791
13 Dec 2023 — An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field. Una neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando ('Inyección de comando') [CWE-77] en FortiPortal versión 7.2.0, versi... • https://fortiguard.com/psirt/FG-IR-23-425 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43954
https://notcve.org/view.php?id=CVE-2022-43954
16 Feb 2023 — An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. • https://fortiguard.com/psirt/FG-IR-22-430 • CWE-532: Insertion of Sensitive Information into Log File •