7 matches found
CVE-2023-48788
A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets...
CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday placed three security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities added are as follows - CVE-2023-48788 CVSS score: 9.3 - Fortinet FortiClient EMS SQL...
Exploit for SQL Injection in Fortinet Forticlient_Enterprise_Management_Server
CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerab...
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software
Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. "An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiClientEMS may allow a...
Fortinet FortiClient EMS 7.0.x < 7.0.11 / 7.2.x < 7.2.3 (FG-IR-24-007)
The version of Fortinet FortiClient EMS installed on the remote host is prior to 7.0.11 or 7.2.3. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-007 advisory. - A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet...
CVE-2023-48788
creationtimestamp| type| source ---|---|--- 2024-03-12 16:26:39+00:00| seen| https://t.me/ctinow/205806 2024-03-12 16:32:08+00:00| seen| https://t.me/ctinow/205822 2024-03-13 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1246 2024-03-13 15:30:05+00:00| seen|...
CVE-2023-48788
CVE-2023-48788 — Fortinet FortiClient EMS SQLi affects FortiClient EMS servers (versions 7.2.0–7.2.2 and 7.0.1–7.0.10). Root cause: improper neutralization of input in the FCTUID header allows an SQL injection over crafted packets, enabling an unauthenticated attacker to enable xp_cmdshell and ac...