A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-24-007 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 May 2024, 18:00
Type | Values Removed | Values Added |
---|---|---|
References | () https://fortiguard.com/psirt/FG-IR-24-007 - Vendor Advisory |
19 Mar 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
15 Mar 2024, 14:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://fortiguard.com/psirt/FG-IR-23-430 - Vendor Advisory | |
Summary |
|
|
CPE | cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:* | |
First Time |
Fortinet forticlient Enterprise Management Server
Fortinet |
12 Mar 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-12 15:15
Updated : 2024-05-23 18:00
NVD link : CVE-2023-48788
Mitre link : CVE-2023-48788
CVE.ORG link : CVE-2023-48788
JSON object : View
Products Affected
fortinet
- forticlient_enterprise_management_server
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')