CVE-2021-24007SQL Injection in Fortinet Fortimail

CWE-89SQL Injection4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.7%
top 27.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortimailFortinet Fortimail
Timeline
PublishedJul 9
Latest updateMay 24

Description

Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortimail5.6.16.0.11+3
CVEListV5fortinet/fortinet_fortimailFortiMail before 6.4.4

🔴Vulnerability Details

2
GHSA
GHSA-98vw-7jjm-r328: Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 62022-05-24
CVEList
CVE-2021-24007: Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 62021-07-09

📋Vendor Advisories

1
Fortinet
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow...2021-07-09
CVE-2021-24007 — SQL Injection in Fortinet Fortimail | cvebase