search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
34.03k stars 13.94k forks source link

Add exploit for Fortinet FortiClient EMS SQLi to RCE [CVE-2023-48788] #19068

Closed jheysel-r7 closed 6 months ago

jheysel-r7 commented 6 months ago

Summary

Fortinet FortiClient Endpoint Management Server is vulnerable to an SQLi that can lead to RCE. More details here in the blog post

Versions

Basic example

PoC

wvu commented 6 months ago

Fun!

jheysel-r7 commented 6 months ago

Fun!

Fun might be an understatement!!!!!