Description

One of the scans performed by Acunetix has generated an Email Header Injection Alert. This caused an email to be sent from your website to the Acunetix AcuMonitor Service.

Remediation

You need to restrict CR(0x13) and LF(0x10) from the user input. Check references for more information about fixing this vulnerability.

References

Email Injection

PHP mail() Header Injection Through Subject and To Parameters

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2014-3487)

Joomla Improper Input Validation Vulnerability (CVE-2006-1957)

PHP Improper Input Validation Vulnerability (CVE-2012-0788)

Jboss EAP Improper Input Validation Vulnerability (CVE-2018-1000873)

Jboss EAP Improper Input Validation Vulnerability (CVE-2013-2185)

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Acumonitor