CVE-2023-48788

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests. Vendor/Product: Fortinet FortiClient EMS. Added to CISA KEV 2024-03-25; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.