Multiple improper neutralization of special elements used in an SQL command vulnerabilities (CWE-89) in FortiPortal may allow an attacker with regular userβs privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests.