Description
This script is vulnerable to Email injection attacks.
Email injection is a security vulnerability that allows malicious users to send email messages using someone else's server without prior authorization. A malicious spammer could use this tactic to send large numbers of messages anonymously.
Remediation
You need to restrict CR(0x13) and LF(0x10) from the user input. Check references for more information about fixing this vulnerability.
References
Related Vulnerabilities
Ruby on Rails Improper Input Validation Vulnerability (CVE-2011-2929)
WordPress Improper Input Validation Vulnerability (CVE-2020-26596)
TYPO3 Improper Input Validation Vulnerability (CVE-2010-3667)
silverstripeCMS Improper Input Validation Vulnerability (CVE-2011-4962)
WordPress Improper Input Validation Vulnerability (CVE-2011-3127)