Unrated severityCISA KEVNVD Advisory· Published Mar 12, 2024· Updated Oct 21, 2025
CVE-2023-48788
CVE-2023-48788
Description
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
Affected products
2>=7.0.1, <=7.0.10 || >=7.2.0, <=7.2.2+ 1 more
- (no CPE)range: >=7.0.1, <=7.0.10 || >=7.2.0, <=7.2.2
- (no CPE)range: 7.2.0
Patches
Vulnerability mechanics
References
1News mentions
2- INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023The Hacker News · Jun 18, 2026
- INC Ransomware Thrives by Mastering the BasicsDark Reading · Jun 17, 2026