logo
Home/CVEs/CVE-2023-48788/

CVE-2023-48788 - Fortinet FortiClient EMS SQL Injection Vulnerability

Project:Fortinet

Product:FortiClient EMS

Date Added:2024-03-25Due Date:2024-04-15

Vulnerability Name

Fortinet FortiClient EMS SQL Injection Vulnerability

Description

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.fortiguard.com/psirt/FG-IR-24-007

https://nvd.nist.gov/vuln/detail/CVE-2023-48788

Related News Articles

BadPilot network hacking campaign fuels Russian SandWorm attacksFebruary 13, 2025

Microsoft: Russia's Sandworm APT Exploits Edge Bugs GloballyFebruary 13, 2025

Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ CountriesFebruary 13, 2025

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ CountriesNovember 26, 2024

Salt Typhoon hackers backdoor telcos with new GhostSpider malwareNovember 26, 2024