A vulnerability, which was classified as critical, was found in Atmail 6.6.0. Affected is an unknown function of the component Login Page. The manipulation of the argument username leads to sql injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is traded as CVE-2024-24133. The attack needs to be initiated within the local network. There is no exploit available.