CVE-2023-48788

CVE Database · CVE-2023-48788

CVE-2023-48788

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

98.53%

Published

Mar 12, 2024

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2024-03-25 · Due: 2024-04-15

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (2)

All weaponized →

TrickestTrickest PoC index GitHub PoChorizon3ai/CVE-2023-48788★54

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-89

Affected Products (2)

fortinet · forticlient_enterprise_management_server (up to 7.0.11)vulnerable

fortinet · forticlient_enterprise_management_server (up to 7.2.3)vulnerable

References (3)

https://fortiguard.com/psirt/FG-IR-24-007

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-24-007

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-48788

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs