Codeigniter

41 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.36%
  • Published 28.07.2025 14:47:20
  • Last modified 05.08.2025 15:46:02

CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick` as the image library) and either allow file uplo...

  • EPSS 0.03%
  • Published 25.07.2025 17:15:32
  • Last modified 29.07.2025 14:14:55

A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbar_time parameter. NOTE: this is disputed by the Supplier because attacke...

  • EPSS 0.2%
  • Published 20.01.2025 16:15:28
  • Last modified 01.08.2025 19:17:42

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application f...

Exploit
  • EPSS 0.11%
  • Published 15.10.2024 19:15:17
  • Last modified 01.08.2025 20:36:13

A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges.

  • EPSS 0.57%
  • Published 29.03.2024 16:15:08
  • Last modified 07.05.2025 17:28:25

CodeIgniter is a PHP full-stack web framework. A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later. ...

  • EPSS 0.43%
  • Published 31.10.2023 16:15:09
  • Last modified 21.11.2024 08:28:08

CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Vers...

  • EPSS 0.58%
  • Published 30.05.2023 04:15:10
  • Last modified 21.11.2024 08:03:51

CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-mod...

  • EPSS 0.31%
  • Published 22.12.2022 19:15:09
  • Last modified 21.11.2024 07:30:15

CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, the...

Exploit
  • EPSS 0.14%
  • Published 22.12.2022 19:15:09
  • Last modified 21.11.2024 06:48:48

CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure `Config\A...

Exploit
  • EPSS 0.25%
  • Published 07.10.2022 11:15:11
  • Last modified 21.11.2024 07:22:07

B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid vulnerability.