VYPR
Unrated severityCISA KEVNVD Advisory· Published Mar 12, 2024· Updated Oct 21, 2025

CVE-2023-48788

CVE-2023-48788

Description

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.

Affected products

2
  • Fortinet/Forticlientemsllm-fuzzy2 versions
    >=7.0.1, <=7.0.10 || >=7.2.0, <=7.2.2+ 1 more
    • (no CPE)range: >=7.0.1, <=7.0.10 || >=7.2.0, <=7.2.2
    • (no CPE)range: 7.2.0

Patches

Vulnerability mechanics

References

1

News mentions

2