SQL Injection Vulnerability in FortiMail by Fortinet
CVE-2021-24007
9.8CRITICAL
Summary
Multiple improper neutralization issues in FortiMail prior to version 6.4.4 enable non-authenticated attackers to potentially execute unauthorized commands or code by sending specially crafted HTTP requests. This vulnerability poses significant risks to users by allowing attackers to manipulate SQL queries, which can lead to data exfiltration and unauthorized access.
Affected Version(s)
Fortinet FortiMail FortiMail before 6.4.4
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved