An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HFortinet Fortimail
APPFortinet7.2.0 – 7.2.9 (bez)7.4.0 – 7.4.6 (bez)7.6.0 – 7.6.4 (bez)
Related vulnerabilities
Stack-based buffer overflow RCE w produktach Fortinet (FortiMail, FortiVoice i inne)
FortiMail: Pominięcie uwierzytelnienia admina przez RADIUS i remote_wildcard
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently ...
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4...
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntrepris...