Description
This web application is vulnerable to Email Header Injection. Email Header Injection is a security vulnerability that allows a malicious user to tamper with the email messages that are sent from the web application by injecting additional SMTP/IMAP headers. A malicious spammer could potentially use this tactic to send large numbers of messages anonymously.
Remediation
You need to restrict CR(0x13) and LF(0x10) from the user input. Check references for more information about fixing this vulnerability.
References
Related Vulnerabilities
Perl Improper Input Validation Vulnerability (CVE-2015-8853)
Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson
WordPress Plugin Wise Chat CSV Injection (2.8.3)
TYPO3 Improper Input Validation Vulnerability (CVE-2010-5099)
Joomla Improper Input Validation Vulnerability (CVE-2015-8565)