CVE-2023-48791

Name of the Vulnerable Software and Affected Versions FortiPortal versions 7.0.0 through 7.2.0

Description The issue is related to an improper neutralization of special elements used in a command, which may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field. This can potentially enable an attacker to execute arbitrary code.

Recommendations For FortiPortal versions 7.0.0 through 7.2.0, consider restricting access to the Schedule System Backup page to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using specifically crafted arguments in the Schedule System Backup page field. At the moment, there is no information about a newer version that contains a fix for this vulnerability.