A protection mechanism failure vulnerability (CWE-693) resultingÂ in improperly limiting pathname to a restricted directoryÂ in FortiPortal may allow an authenticated attacker to perform a path traversal attack via maliciously crafted GET parameters.
FortiPortal versions 5.2.5 and below.
FortiPortal versions 5.3.5 and below.
FortiPortal versions 6.0.4 and below.
Please upgrade to FortiPortal version 5.2.6 or above.
Please upgrade to FortiPortal version 5.3.6 or above.
Please upgrade to FortiPortal version 6.0.5 or above.