CVE-2023-48788 - Fortinet FortiClient EMS SQL Injection Vulnerability

CVE ID:CVE-2023-48788

Project:Fortinet

Product:FortiClient EMS

Date Added:2024-03-25Due Date:2024-04-15

Vulnerability Name

Fortinet FortiClient EMS SQL Injection Vulnerability

Description

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.fortiguard.com/psirt/FG-IR-24-007

https://nvd.nist.gov/vuln/detail/CVE-2023-48788

Latest Security News

Latest CVE List

Top Alert List

CSP
Content Security Policy (CSP) Header Not Set
MediumAbsence of Anti-CSRF Tokens
MediumMissing Anti-clickjacking Header
InformationalInformation Disclosure - Suspicious Comments
LowCross-Domain JavaScript Source File Inclusion
MediumContent Security Policy (CSP) Header Not Set
LowTimestamp Disclosure - Unix
LowCSP: X-Content-Security-Policy
InformationalRe-examine Cache-control Directives