Description

One of the scans performed by Invicti has generated an Email Header Injection Alert. This caused an email to be sent from your website to the Invicti AcuMonitor Service.

Remediation

You need to restrict CR(0x13) and LF(0x10) from the user input. Check references for more information about fixing this vulnerability.

References

Email Injection

PHP mail() Header Injection Through Subject and To Parameters

Related Vulnerabilities

WordPress Plugin TablePress CSV Injection (1.9.2)

WordPress OptimizePress unrestricted file upload

SharePoint Improper Input Validation Vulnerability (CVE-2019-0594)

Ruby Improper Input Validation Vulnerability (CVE-2018-8779)

silverstripeCMS Improper Input Validation Vulnerability (CVE-2013-2653)

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Acumonitor