### [CVE-2024-21761](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21761)
![](https://img.shields.io/static/v1?label=Product&message=FortiPortal&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%207.2.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20access%20control&color=brighgreen)

### Description

An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/vulsio/go-cve-dictionary