Pervasive SQL injection in DAS component Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-24-007 Final 1 1 2024-03-12T00:00:00 Current version 2024-03-12T00:00:00 2025-02-18T00:00:00 An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests. None Execute unauthorized code or commands Co-discovered and reported by Thiago Santana From Fortinet ForticlientEMS development team and UK NCSC FortiClientEMS 7.2.2 FortiClientEMS 7.2.1 FortiClientEMS 7.2.0 FortiClientEMS 7.0.10 FortiClientEMS 7.0.9 FortiClientEMS 7.0.8 FortiClientEMS 7.0.7 FortiClientEMS 7.0.6 FortiClientEMS 7.0.5 FortiClientEMS 7.0.4 FortiClientEMS 7.0.3 FortiClientEMS 7.0.2 FortiClientEMS 7.0.1 CVE-2023-48788 FortiClientEMS-7.2.2 FortiClientEMS-7.2.1 FortiClientEMS-7.2.0 FortiClientEMS-7.0.10 FortiClientEMS-7.0.9 FortiClientEMS-7.0.8 FortiClientEMS-7.0.7 FortiClientEMS-7.0.6 FortiClientEMS-7.0.5 FortiClientEMS-7.0.4 FortiClientEMS-7.0.3 FortiClientEMS-7.0.2 FortiClientEMS-7.0.1 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-24-007 Pervasive SQL injection in DAS component Reference>