CVE
CVE-2023-48788
Field notes
Analysis · May 20, 2026 · analysis-desk
The same handful of mechanisms account for most of the catalog
After the marquee bugs, Tier 1's remaining entries (DotNetNuke, ForgeRock, BQE, Sophos, Tomcat, Citrix ShareFile, SAP, Quest, Atlassian Crowd, Exim, Cisco ASA, Office) don't introduce new lessons. They confirm the few recurring mechanisms behind nearly every exploited vulnerability.
Field Note · May 20, 2026 · runbook-desk
FortiClient EMS CVE-2023-48788: a SQL injection that talks the database into running SYSTEM commands
When a product runs on Microsoft SQL Server, a SQL injection is rarely just a data leak. The attacker enables xp_cmdshell from inside the injection and gets OS command execution. On FortiClient EMS that happens unauthenticated, as SYSTEM. Here's how to check, patch, and detect it.
Analysis · May 20, 2026 · operations-desk
Fortinet's other products take their turn: FortiWeb, FortiManager, FortiClient EMS
Beyond the long-running FortiOS auth-bypass cycle, 2025-2026 brought a wave of exploited bugs in FortiWeb, FortiManager, and FortiClient EMS: SQL injection, path traversal, auth bypass, and a format-string RCE. Same vendor, same perimeter-and-management target profile.
Analysis · May 15, 2026 · operations-desk
When breaking the maintenance window is cheaper than waiting
The change board exists to make change safer, not slower. Here's the operational math for when the window has to move.