CVE-2017-20187: Email Injection Haunts Magnesium-PHP's Forgotten Codebase

Picture this: your app's email handler quietly mangles headers, letting attackers slip in junk. That's CVE-2017-20187 striking from the shadows of an abandoned PHP library.

⚡ Key Takeaways

  • CVE-2017-20187 enables email header injection via unsanitized name args in Magnesium-PHP <=0.3.0.
  • Unsupported status means no fixes—legacy systems at risk of spoofing or DoS.
  • Audit deps now; this highlights OSS zombie risks in PHP supply chains.

Published by theAIcatchup

Originally reported by NVD Vulnerabilities
