{"cve":{"cve_id":"CVE-2023-48788","is_kev":true,"kev_date_added":"2024-03-25","kev_vendor_project":"Fortinet","kev_product":"FortiClient EMS","kev_vulnerability_name":"Fortinet FortiClient EMS SQL Injection Vulnerability","kev_short_description":"Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.","kev_required_action":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","kev_due_date":"2024-04-15","kev_known_ransomware":true,"kev_notes":"https://www.fortiguard.com/psirt/FG-IR-24-007;  https://nvd.nist.gov/vuln/detail/CVE-2023-48788","kev_cwes":["CWE-89"],"epss_score":0.97591,"epss_percentile":0.99893,"epss_as_of":"2026-06-23","description":"A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.","published_at":"2024-03-12T15:09:18.527000Z","last_modified_at":null,"cvss_v3_score":9.3,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":true,"ssvc_technical_impact":"total","cwes":["CWE-89"],"nvd_references":["https://fortiguard.com/psirt/FG-IR-24-007"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-29T01:40:39.262006Z"},"effective_severity":"CRITICAL","badges":["kev","ransomware","poc","epss"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"},{"metric":"E","name":"E","value":"P","value_label":"Physical"},{"metric":"RL","name":"RL","value":"U","value_label":"Unchanged"},{"metric":"RC","name":"RC","value":"C","value_label":"Changed"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"fortinet","vendor_name":"fortinet","product_slug":"forticlientems","product_name":"forticlientems","version_start":"7.2.0","version_start_inclusive":true,"version_end":"7.2.2","version_end_inclusive":true,"cpe23_uri":"cve5:fortinet:forticlientems:7.2.0:7.2.2"},{"vendor_slug":"fortinet","vendor_name":"fortinet","product_slug":"forticlientems","product_name":"forticlientems","version_start":"7.0.1","version_start_inclusive":true,"version_end":"7.0.10","version_end_inclusive":true,"cpe23_uri":"cve5:fortinet:forticlientems:7.0.1:7.0.10"}],"exploit_refs":[{"source":"nuclei","kind":"nuclei","url":"https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2023/CVE-2023-48788.yaml","title":"Fortinet Forticlient Endpoint Management Server - SQL Injection","author":"James Horseman,ItshMoh","disclosed_at":null}],"news":[],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-24-007","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2024-03-12T15:09:18.527000Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2024-03-25T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"poc_available","at":"2026-06-24T00:29:48.638073Z","label":"Public PoC available","source":"nuclei"},{"type":"cvss_changed","at":"2026-06-28T17:30:41.329074Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:30:41.329074Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:30:41.329074Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:40:39.262006Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:40:39.262006Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:40:39.262006Z","label":"SSVC decision revised","source":"vulnrichment"}]}