CVE-2023-48788: Critical Fortinet FortiClientEMS SQL Injection Vulnerability
Cyber Exposure Alerts www.tenable.com
Fortinet warns of a critical SQL Injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code on vulnerable FortiClientEMS software.
Background
On March 12, Fortinet published an advisory (FG-IR-24-007) to address a critical flaw in its FortiClient Enterprise Management Server (FortiClientEMS), a solution which enables centralized management of multiple endpoints.
| CVE | Description | CVSSv3 | Severity |
| --- | --- | --- | --- |
| CVE-2023-48788 | Critical SQL Injection Vulnerability (or Improper neutralization of special elements in an SQL command) | 9.3 | Critical |

At the time this blog was published, …