CVE-2021-24007
published 2021-07-09CVE-2021-24007: Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimail | <= 5.4.12 | — |
| fortinet | fortimail | — | — |
| fortinet | fortimail | >= 5.6.1 < 6.0.11 | 6.0.11 |
| fortinet | fortimail | >= 6.2.0 < 6.2.7 | 6.2.7 |
| fortinet | fortimail | >= 6.4.0 < 6.4.4 | 6.4.4 |
| fortinet | fortinet_fortimail | — | — |