CVE-2023-48788
Published 2024-03-12
Critical 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
KEV, ITW, EXPLOIT
CISA Known Exploited Vulnerability, due 2024-04-15
Exploited in the wild
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticlient_enterprise_management_server | >= 7.0.1 < 7.0.11 | 7.0.11 |
| fortinet | forticlient_enterprise_management_server | >= 7.2.0 < 7.2.3 | 7.2.3 |
| fortinet | forticlientems | — | — |
| fortinet | forticlientems | 7.0.1 – 7.0.10 | — |
| fortinet | forticlientems | 7.2.0 – 7.2.2 | — |
| fortinet | forticliententerprisemanagementserver | — | — |
| fortinet | fortinet | — | — |
CVSS provenance
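| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |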