FortiPortal – Schedule System Backup Page OS Command Injection

Fortiguard Security Advisory

An improper neutralization of special elements used in a command (‘Command Injection’) vulnerability [CWE-77] in FortiPortal may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.