{"vulnerability": "CVE-2021-36168", "sightings": [{"uuid": "53b8e437-0dbf-49dd-b900-9acaa3e6dff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36168", "type": "seen", "source": "https://t.me/cibsecurity/26814", "content": "\u203c CVE-2021-36168 \u203c\n\nA Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request\u00c2\u00a0with malicious\u00c2\u00a0parameter values.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-04T19:24:30.000000Z"}, {"uuid": "b8c828bc-8ab5-4325-bdbc-61fc4ff6b2d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36168", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/4061", "content": "#Threat_Research\n1. Fortinet FortiPortal Vulnerability Disclosures (CVE-2021-32588, CVE-2021-36168)\nhttps://insomniasec.com/blog/fortiportal-disclosures\n2. Modify in-flight data to payment provider Smart2Pay\nhttps://hackerone.com/reports/1295844", "creation_timestamp": "2021-08-14T13:25:01.000000Z"}]}