PT-2021-19798 · Fortinet · Fortiportal

Published: 2021-08-04 · Updated: 2021-08-11 · CVE-2021-32594

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FortiPortal versions 4.2.2 and earlier
FortiPortal versions 5.2.0 through 5.2.5
FortiPortal versions 5.3.0 through 5.3.5
FortiPortal versions 6.0.0 through 6.0.4

Description

An unrestricted file upload vulnerability in the web interface of FortiPortal may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files.

Recommendations

For FortiPortal versions 4.2.2 and earlier, update to a version later than 4.2.2 to resolve the issue.
For FortiPortal versions 5.2.0 through 5.2.5, update to a version later than 5.2.5 to resolve the issue.
For FortiPortal versions 5.3.0 through 5.3.5, update to a version later than 5.3.5 to resolve the issue.
For FortiPortal versions 6.0.0 through 6.0.4, update to a version later than 6.0.4 to resolve the issue.

As a temporary workaround, consider restricting file uploads in the web interface until a patch is available.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2021-32594

Affected Products

Fortiportal