89 matches found
Fortinet FortiMail SQL Injection Vulnerability
Fortinet FortiMail is a suite of email security gateway products developed by the American company Fortinet. This product provides features such as email security protection and data protection. Versions 7.6.0 to 7.6.3, 7.4.0 to 7.4.5, and 7.2.0 to 7.2.8 of Fortinet FortiMail contain SQL injectio...
CVE-2025-54972
An improper neutralization of CRLF sequences ('CRLF injection') vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a...
EUVD-2025-198017
An improper neutralization of CRLF sequences ('CRLF injection') in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a specifically...
Fortinet FortiMail Injection Vulnerability
Fortinet FortiMail is a suite of e-mail security gateway products from the U.S. company Fortinet. The product provides email security and data protection features. An injection vulnerability exists in Fortinet FortiMail that stems from improper CRLF sequence neutralization, which could resul...
PT-2025-47360
Name of the Vulnerable Software and Affected Versions: Fortinet FortiMail versions 7.0 through 7.2; Fortinet FortiMail versions 7.4.0 through 7.4.5; Fortinet FortiMail versions 7.6.0 through 7.6.3. Description: A flaw exists in Fortinet FortiMail that allows for the injection of headers in responses...
EUVD-2013-1507
Malware in sbrugna...
EUVD-2014-8454
Malware in sbrugna...
EUVD-2017-16707
Malware in sbrugna...
EUVD-2022-33469
Malicious code in bioql PyPI...
EUVD-2024-54213
Malicious code in bioql PyPI...
PT-2025-32871 · Fortinet · Fortindr +4
Name of the Vulnerable Software and Affected Versions: Fortinet FortiMail versions 7.6.0 through 7.6.1 and prior to 7.4.3; Fortinet FortiVoice versions 7.0.0 through 7.0.5 and prior to 7.4.9; Fortinet FortiRecorder versions 7.2.0 through 7.2.1 and prior to 7.0.4; Fortinet FortiCamera versions 7.6.0...
Exploit for Out-of-bounds Write in Fortinet Fortimail
Blackash-CVE-2025-32756 CVE-2025-32756 'Fortinet' RCE PoC ‼...
CVE-2024-56497
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or...
CVE-2022-27488
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2,...
CVE-2022-29056
An improper restriction of excessive authentication attempts vulnerability (CWE-307) in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form...
CVE-2020-15933
An exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below, FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection...
CVE-2013-1471
Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam...
Fortinet FortiMail 7.0.x < 7.0.9 / 7.2.x < 7.2.8 / 7.4.x < 7.4.5 / 7.6.x < 7.6.3 API Stack-based Buffer Overflow (FG-IR-25-254)
The version of Fortigate FortiMail installed on the remote host is 7.0.x prior to 7.0.9, 7.2.x prior to 7.2.8, 7.4.x prior to 7.4.5, or 7.6.x prior to 7.6.3. It is, therefore, affected by an API stack-based buffer overflow vulnerability as referenced in the FG-IR-25-254 advisory: - A stack-based...
CVE-2023-33302
A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail...