CVE-2023-48707
- EPSS 0.06%
- Veröffentlicht 24.11.2023 18:15:07
- Zuletzt bearbeitet 21.11.2024 08:32:18
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious perso...
CVE-2023-48708
- EPSS 0.16%
- Veröffentlicht 24.11.2023 18:15:07
- Zuletzt bearbeitet 21.11.2024 08:32:18
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log tab...
CVE-2023-27580
- EPSS 0.13%
- Veröffentlicht 13.03.2023 18:15:12
- Zuletzt bearbeitet 21.11.2024 07:53:11
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack...
CVE-2022-35943
- EPSS 0.15%
- Veröffentlicht 12.08.2022 21:15:07
- Zuletzt bearbeitet 21.11.2024 07:12:01
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/li...