A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and…
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
https://cwe.mitre.org/data/definitions/1286.html →Open in CWE collection →This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input.
https://capec.mitre.org/data/definitions/66.html →Open in CAPEC collection →https://capec.mitre.org/data/definitions/676.html →Open in CAPEC collection →
| Product | Vendor | Status |
|---|---|---|
| axis_os | * | Tracked |
| axis_os_2016 | * | Tracked |
| axis_os_2018 | * | Tracked |
| axis_os_2020 | * | Tracked |