This threat affects all the applications that communicate with mail servers (IMAP/SMTP), generally web mail applications. In IMAP/SMTP injection testing, testers check if it possible to inject arbitrary IMAP/SMTP commands into the mail servers, due to input data not properly sanitized. An IMAP/SMTP Injection attack breaks the following pattern:
Input -> IMAP/SMTP command == IMAP/SMTP Injection
💡 See Simple Mail Transfer Protocol (SMTP).
💡 See Internet Message Access Protocol (IMAP/IMAPS).