Codeigniter

41 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.27%
  • Published 07.10.2022 11:15:10
  • Last modified 21.11.2024 07:22:05

B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.

Exploit
  • EPSS 0.47%
  • Published 06.10.2022 20:15:35
  • Last modified 21.11.2024 07:17:57

CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result cookie values are erroneously exp...

Exploit
  • EPSS 0.15%
  • Published 12.08.2022 21:15:07
  • Last modified 21.11.2024 07:12:01

Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/li...

  • EPSS 0.13%
  • Published 28.02.2022 16:15:08
  • Last modified 21.11.2024 06:50:55

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upg...

  • EPSS 0.41%
  • Published 28.02.2022 16:15:07
  • Last modified 21.11.2024 06:50:55

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are curre...

  • EPSS 0.37%
  • Published 24.01.2022 20:15:08
  • Last modified 21.11.2024 06:45:17

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is u...

  • EPSS 10.87%
  • Published 04.01.2022 20:15:07
  • Last modified 21.11.2024 06:45:08

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute...

  • EPSS 0.54%
  • Published 23.03.2020 15:15:14
  • Last modified 21.11.2024 04:56:05

CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthe...

  • EPSS 0.28%
  • Published 09.01.2020 21:15:10
  • Last modified 21.11.2024 01:38:02

EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks.

  • EPSS 0.24%
  • Published 17.06.2018 20:29:00
  • Last modified 09.06.2025 06:15:22

A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.