Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
2021-07-09T19:15:08.133
2024-11-21T05:52:11.773
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | fortinet | fortimail | ≤ 5.4.12 | Yes |
Application | fortinet | fortimail | < 6.0.11 | Yes |
Application | fortinet | fortimail | < 6.2.7 | Yes |
Application | fortinet | fortimail | < 6.4.4 | Yes |