An attacker exploits weaknessness in input validation on IMAP/SMTP servers
						to execute commands on the server. Web-mail servers often sit between the
						Internet and the IMAP or SMTP mail server. User requests are received by the
						web-mail servers which then query the back-end mail server for the requested
						information and return this response to the user. In an IMAP/SMTP command
						injection attack, mail-server commands are embedded in parts of the request
						sent to the web-mail server. If the web-mail server fails to adequately
						sanitize these requests, these commands are then sent to the back-end mail
						server when it is queried by the web-mail server, where the commands are
						then executed. This attack can be especially dangerous since administrators
						may assume that the back-end server is protected against direct Internet
						access and therefore may not secure it adequately against the execution of
						malicious commands.