Vulnerability CVE-2023-48788
Published: 2024-03-12

Description:
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution
Spencer McIntyre
25.04.2024

Type:

CWE-89

 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

 References:
https://fortiguard.com/psirt/FG-IR-23-430
Copyright 2024, cxsecurity.com

 

Back to Top