Atmail v6.6.0 exists to contain a SQL injection vulnerability via the username parameter on the login page.
atmail atmail 6.6.0
atmail atmail 6.3.0