Description

One of the scans performed by Acunetix has generated an Email Header Injection Alert. This caused an email to be sent from your website to the Acunetix AcuMonitor Service.

Remediation

You need to restrict CR(0x13) and LF(0x10) from the user input. Check references for more information about fixing this vulnerability.

References

Email Injection

PHP mail() Header Injection Through Subject and To Parameters

Related Vulnerabilities

WordPress Plugin Contact Form DB CSV Injection (2.10.32)

Plone CMS Improper Input Validation Vulnerability (CVE-2013-4192)

Ruby Improper Input Validation Vulnerability (CVE-2009-4492)

Jenkins Improper Input Validation Vulnerability (CVE-2012-6073)

Joomla Improper Input Validation Vulnerability (CVE-2016-8869)

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Acumonitor