Description

One of the scans performed by Acunetix has generated an Email Header Injection Alert. This caused an email to be sent from your website to the Acunetix AcuMonitor Service.

Remediation

You need to restrict CR(0x13) and LF(0x10) from the user input. Check references for more information about fixing this vulnerability.

References

Email Injection

PHP mail() Header Injection Through Subject and To Parameters

Related Vulnerabilities

WordPress Plugin weForms-Easy Drag & Drop Contact Form Builder CSV Injection (1.4.7)

WordPress Plugin TablePress CSV Injection (1.9.2)

Python object deserialization of user-supplied data

WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9)

Multiple vulnerabilities reported in Parallels Plesk Sitebuilder

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Tags

Abuse Of Functionality