CVE-2023-48788: Fortinet FortiClientEMS SQL Injection Deep Dive

Introduction In a recent PSIRT, Fortinet acknowledged CVE-2023-48788 – a SQL injection in FortiClient EMS that can lead to remote code execution. FortiClient EMS is an endpoint management solution for enterprises that provides a central location for administering enrolled endpoints. This SQL injection vulnerability is caused by user controlled strings that are passed directly into database queries. In this post we will examine the internal workings of the exploit. Our POC can be found here. An improper neutralization of special …

attack blogs attack research can code code execution cve deep dive dive endpoint endpoint management endpoints enterprises fortinet injection introduction location management psirt remote code remote code execution solution sql sql injection strings vulnerability