CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Vulnerability.
Fortinet FortiClient EMS SQL Injection Vulnerability. Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
- CISA KEV-listed (remediation due 2024-04-15)
- used in ransomware campaigns
- EPSS 94.1% (99.9% percentile)