fm_emailinjection


Description

Email injection is a security vulnerability that can occur in internet applications that are used to send email messages. When a form is added to a webpage that submits data to a web application, a malicious user can potentially exploit the MIME format to append additional information to the message being sent, such as a new list of recipients or a completely different message body.
 

Usage

This new function strips any malicious string out of the data passed to it. Simply wrap the function around any variable used within cfmail (to, cc, bcc, from, subject or body).
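The kind of filtering described above, shown for the single-line header fields only (to, cc, bcc, from, subject). This is an added example, not the source of fm_emailinjection; the function name stripHeaderInjection and the sample inputs are assumptions constructed for illustration.

```cfml
<cfscript>
// Added example; hypothetical helper, not the source of fm_emailinjection.
// Cleans a value destined for a single-line cfmail attribute
// (to, cc, bcc, from, subject). Message bodies legitimately contain
// line breaks and need separate handling.
function stripHeaderInjection(required string value) {
    var clean = arguments.value;
    var lineBreak = "[" & chr(13) & chr(10) & "]";

    // Form data sometimes carries CR/LF still URL-encoded; decode just those
    // so the check below sees them.
    clean = reReplaceNoCase(clean, "%0d", chr(13), "all");
    clean = reReplaceNoCase(clean, "%0a", chr(10), "all");

    // A line break ends the header, so anything after the first one would be
    // read as a new header or as body text. Keep only what precedes it.
    var cut = reFind(lineBreak, clean);
    if (cut == 1) {
        return "";
    }
    if (cut > 1) {
        clean = left(clean, cut - 1);
    }
    return trim(clean);
}

// Constructed sample inputs, as a contact form might submit them.
samples = [
    "alice@example.com",
    "alice@example.com" & chr(13) & chr(10) & "Bcc: list@example.net",
    "Hello%0ACc: list@example.net",
    "Question" & chr(10) & chr(10) & "Replacement body text"
];

// Print each cleaned value between brackets so stray whitespace is visible.
for (s in samples) {
    writeOutput("[" & encodeForHTML(stripHeaderInjection(s)) & "]<br>");
}
</cfscript>
```

Truncating at the first line break, rather than deleting the break characters, keeps an appended header from being merged into the legitimate value.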
