Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Email injection - Vulnerability Database

Email injection

Description

This script is vulnerable to Email injection attacks.

Email injection is a security vulnerability that allows malicious users to send email messages using someone else's server without prior authorization. A malicious spammer could use this tactic to send large numbers of messages anonymously.

Remediation

You need to restrict CR(0x13) and LF(0x10) from the user input. Check references for more information about fixing this vulnerability.

References

PHP mail() Header Injection Through Subject and To Parameters

Related Vulnerabilities

PHP mail function ASCII control character header spoofing vulnerability Medium
Common tags: Abuse Of Functionality
XML external entity injection High
Common tags: Abuse Of Functionality
Deserialization of Untrusted Data (Java JSON Deserialization) Jackson High
Common tags: Abuse Of Functionality
Deserialization of Untrusted Data (Java JSON Deserialization) Genson High
Common tags: Abuse Of Functionality
Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson High
Common tags: Abuse Of Functionality

Severity

High

Classification

CWE-20
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality