A recently fixed SQL injection vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Endpoint Management Server (EMS) solution has apparently piqued the interest of many: Horizon3’s Attack Team means to publish technical details and a proof-of-concept exploit for it next week, and someone is attempting to sell a PoC for less than $300 via GitHub. About CVE-2023-48788 CVE-2023-48788 is one of the several vulnerabilities recently patched by Fortinet. “An improper neutralization of special elements used in an SQL … More

The post Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) appeared first on Help Net Security.