FortiClientEMS - CSV injection in log download feature

An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiClientEMS may allow a remote and unauthenticated attacker to execute arbitrary commands on the admin workstation via creating malicious log entries with crafted requests to the server.

admin attacker csv cwe download feature file injection log malicious may requests server unauthenticated vulnerability workstation