
CVE-2023-48788 – Fortinet FortiClient EMS SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-48788
12 Mar 2024 — An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets. • https://packetstorm.news/files/id/178230 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-45581
https://notcve.org/view.php?id=CVE-2023-45581
15 Feb 2024 — An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests. • https://fortiguard.com/psirt/FG-IR-23-357 • CWE-269: Improper Privilege Management