Mail Header Injection (IAST)

Severity: Critical

Summary#

Invicti identified that the web application is vulnerable to Email Header Injection. Email Header Injection is a security vulnerability that allows a malicious user to tamper with the email messages that are sent from the web application by injecting additional SMTP/IMAP headers. A malicious spammer could potentially use this tactic to send large numbers of messages anonymously.

Impact#

Unvalidated user input is used when composing the content of the mail messages that are sent from this web application. Therefore, it's possible for a remote attacker to inject custom SMTP/IMAP headers. For example, an attacker can inject additional email recipients and use the script for sending spam.

Actions To Take#

You need to restrict CR(0x13) and LF(0x10) from the user input. Check references for more information about fixing this vulnerability.

Classifications#

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N, OWASP 2013-A1, WASC-19, CAPEC-66, PCI v3.2-6.5.1, OWASP 2017-A1, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, CWE-20