====== Email Injection Attack ======

Attempt to send third-party emails or conduct futher attacks via email requests.

===== Exploited Vulnerability =====

  * [[security:functions:mail_functions|Security sensitive mail functions]]

===== Additional Information =====

  * See [[security:web application security]] and [[catalog|security attacks catalog]].
  * [[http://securephp.damonkohler.com/index.php/Email_Injection|Email header injection using mail() function]]
  * [[http://www.phpsecure.info/v2/article/MailHeadersInject.php|Email headers injection using mail() function (french)]]