Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)

A recently fixed SQL injection vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Endpoint Management Server (EMS) solution has apparently piqued the interest of many: Horizon3’s Attack Team means to publish technical details and a proof-of-concept exploit for it next week, and someone is attempting to sell a PoC for less than $300 via GitHub. About CVE-2023-48788 CVE-2023-48788 is one of the several vulnerabilities recently patched by Fortinet. “An improper neutralization of special elements used in an SQL … More →

The post …

attack concept critical cve don't miss endpoint endpoint management exploit fake fortinet horizon3 horizon3.ai hot stuff injection interest management next poc proof proof-of-concept sale sans isc sell server solution sql sql injection team technical technical details vulnerability week