FortiPortal - Path traversal in controller
A protection mechanism failure vulnerability (CWE-693) resulting in improperly limiting pathname to a restricted directory in FortiPortal may allow an authenticated attacker to perform a path traversal attack via maliciously crafted GET parameters.
FortiPortal versions 5.2.5 and below.
FortiPortal versions 5.3.5 and below.
FortiPortal versions 6.0.4 and below.
Please upgrade to FortiPortal version 5.2.6 or above.
Please upgrade to FortiPortal version 5.3.6 or above.
Please upgrade to FortiPortal version 6.0.5 or above.