CVE-2023-48788
Fortinet FortiClient EMS SQL Injection Vulnerability
CVSS
—
No CVSS
EPSS
97.6%
p100
KEV
YES
Mar 25, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
97.6%EPSS · 30 days97.6%
2026-06-302026-07-16
Product
Fortinet / FortiClient EMS
Vulnerability
Fortinet FortiClient EMS SQL Injection Vulnerability
Added to KEV
Mar 25, 2024
Remediate by
Apr 15, 2024
Known ransomware use
Yes
Summary description
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://www.fortiguard.com/psirt/FG-IR-24-007; https://nvd.nist.gov/vuln/detail/CVE-2023-48788