CVE-2023-48788

Fortinet / FortiClient EMS

Ransomware campaign Added 2024-03-25 Due 2024-04-15

Fortinet FortiClient EMS SQL Injection Vulnerability

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes: https://www.fortiguard.com/psirt/FG-IR-24-007; https://nvd.nist.gov/vuln/detail/CVE-2023-48788

Metadata

Added to KEV	2024-03-25
Remediation due	2024-04-15
Ransomware use	Known
CWEs	CWE-89
Ingested	2026-04-24 15:03:13

Cross-mesh regulatory overlay LexiWorld · RegulatoryRadar

If you're breached via this CVE, what disclosure laws and cyber regs fire? Asks LexiWorld and RegulatoryRadar via signed mesh.