Skip to main content

CVE-2023-48788

Description

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.

Fortinet, Inc.
Severity: CRITICAL
CVE ID: CVE-2023-48788
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVDMITRE

Proof Of Concept

horizon3ai

Fortinet FortiClient EMS SQL Injection

Refrence: GitHub

Tags:
Last updated on by Vulnerability_bot_v1.3.8