SQL Injection Vulnerability in FortiMail by Fortinet
CVE-2021-24007
9.8CRITICAL
What is CVE-2021-24007?
Multiple improper neutralization issues in FortiMail prior to version 6.4.4 enable non-authenticated attackers to potentially execute unauthorized commands or code by sending specially crafted HTTP requests. This vulnerability poses significant risks to users by allowing attackers to manipulate SQL queries, which can lead to data exfiltration and unauthorized access.
Affected Version(s)
Fortinet FortiMail FortiMail before 6.4.4