CVE-2017-20187
Summary
A vulnerability (CVE-2017-20187) has been identified in the formatEmailString function of Magnesium-PHP versions up to 0.3.0. The flaw allows injection through manipulation of the email/name argument. Upgrading to version 0.3.1 mitigates it.
IFF Assessment
FOE
This vulnerability allows for code injection, which is a direct threat to system integrity and data security.
Severity
3.5
Low
Defender Context
This vulnerability highlights the risk posed by unsupported software, which often contains unpatched security flaws. Defenders should prioritize identifying and upgrading or isolating any systems running end-of-life software, as they present a significant attack surface.