Exploiting the SQLi in Fortinet FortiClient EMS - CVE-2023-48788

CVEs

9.8 Critical Severity

Summary

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets. This post breaks down the existing exploit made publicly available by the Horizon3.ai team.

Script link

Fortinet FortiClient EMS SQL Injection: horizon3ai/CVE-2023-48788 on GitHub.


@secatgourity
