Email & SMTP

Email Header Injection

An attack that exploits improperly sanitized user input to inject additional email headers (BCC, CC, Subject, To) into messages generated by a web application, potentially sending spam or phishing emails via a legitimate server. Attackers insert CRLF sequences into form fields used to populate headers. Prevention requires stripping or rejecting newline characters in all header values.
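The pattern described above, shown as an added Python example that is not part of the original entry: a header block built by string concatenation next to a version that rejects CR and LF in header values. The addresses, function names and sample form input are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Constructed sample input: a "subject" form field carrying CRLF plus an extra header.
SAMPLE_SUBJECT = "Question about my order\r\nBcc: third-party@example.net"

_CR_OR_LF = re.compile(r"[\r\n]")


def build_naive(subject: str, body: str) -> str:
    """Vulnerable pattern: form input is concatenated straight into the header block."""
    return (
        "From: webform@example.com\r\n"
        "To: support@example.com\r\n"
        f"Subject: {subject}\r\n"
        "\r\n"
        f"{body}"
    )


def header_names(raw: str) -> list[str]:
    """Header names a receiving parser sees in the raw message."""
    return message_from_string(raw).keys()


def reject_newlines(field: str, value: str) -> str:
    """Refuse any header value containing CR or LF instead of trying to repair it."""
    if _CR_OR_LF.search(value):
        raise ValueError(f"line break in header field {field!r}")
    return value


def build_hardened(subject: str, body: str) -> EmailMessage:
    """Validate every user-supplied header value, then let the library serialise."""
    msg = EmailMessage()
    msg["From"] = "webform@example.com"
    msg["To"] = "support@example.com"
    msg["Subject"] = reject_newlines("subject", subject)
    msg.set_content(body)  # body text is not a header, so newlines are fine here
    return msg
```

Apply the same check to every field that ends up in a header (names, addresses, reply-to values), not only the subject.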
