CVE-2021-24007

Name of the Vulnerable Software and Affected Versions FortiMail versions prior to 6.4.4

Description The issue is related to multiple improper neutralization of special elements of SQL commands in FortiMail, which may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. This could potentially be exploited by a remote attacker.

Recommendations For versions prior to 6.4.4, update to version 6.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP requests that could be used to exploit the vulnerability.