Latest codeigniter codeigniter Vulnerabilities

CVE-2023-46240
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
Codeigniter Codeigniter<4.4.3
composer/codeigniter4/framework<=4.4.2
CVE-2023-32692
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, a...
Codeigniter Codeigniter<4.3.5
composer/codeigniter4/framework<4.3.5
CVE-2022-46170
CVE-2022-46170: Potential Session Handlers Vulnerability
composer/codeigniter4/framework<4.2.11
Codeigniter Codeigniter>=4.0.0<4.2.11
CVE-2022-23556
CVE-2022-23556: Attackers may spoof IP address when using proxy
composer/codeigniter4/framework<4.2.11
Codeigniter Codeigniter>=4.0.0<4.2.11
CVE-2022-40826
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function.
Codeigniter Codeigniter>=3.0<=3.1.13
Codeigniter Codeigniter=3.0
Codeigniter Codeigniter=3.0-rc
Codeigniter Codeigniter=3.0-rc2
Codeigniter Codeigniter=3.0-rc3
CVE-2022-40834
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function.
Codeigniter Codeigniter>=3.0<=3.1.13
Codeigniter Codeigniter=3.0
Codeigniter Codeigniter=3.0-rc
Codeigniter Codeigniter=3.0-rc2
Codeigniter Codeigniter=3.0-rc3
CVE-2022-40828
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function.
Codeigniter Codeigniter>=3.0<=3.1.13
Codeigniter Codeigniter=3.0
Codeigniter Codeigniter=3.0-rc
Codeigniter Codeigniter=3.0-rc2
Codeigniter Codeigniter=3.0-rc3
CVE-2022-40832
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php having() function.
Codeigniter Codeigniter>=3.0<=3.1.13
Codeigniter Codeigniter=3.0
Codeigniter Codeigniter=3.0-rc
Codeigniter Codeigniter=3.0-rc2
Codeigniter Codeigniter=3.0-rc3
CVE-2022-40827
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function.
Codeigniter Codeigniter>=3.0<=3.1.13
Codeigniter Codeigniter=3.0
Codeigniter Codeigniter=3.0-rc
Codeigniter Codeigniter=3.0-rc2
Codeigniter Codeigniter=3.0-rc3
CVE-2022-40835
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php.
Codeigniter Codeigniter>=3.0<=3.1.13
Codeigniter Codeigniter=3.0
Codeigniter Codeigniter=3.0-rc
Codeigniter Codeigniter=3.0-rc2
Codeigniter Codeigniter=3.0-rc3
CVE-2022-40830
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_not_in() function.
Codeigniter Codeigniter>=3.0<=3.1.13
Codeigniter Codeigniter=3.0
Codeigniter Codeigniter=3.0-rc
Codeigniter Codeigniter=3.0-rc2
Codeigniter Codeigniter=3.0-rc3
CVE-2022-40831
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() function.
Codeigniter Codeigniter>=3.0<=3.1.13
Codeigniter Codeigniter=3.0
Codeigniter Codeigniter=3.0-rc
Codeigniter Codeigniter=3.0-rc2
Codeigniter Codeigniter=3.0-rc3
CVE-2022-40829
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like() function.
Codeigniter Codeigniter>=3.0<=3.1.13
Codeigniter Codeigniter=3.0
Codeigniter Codeigniter=3.0-rc
Codeigniter Codeigniter=3.0-rc2
Codeigniter Codeigniter=3.0-rc3
CVE-2022-40824
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function.
Codeigniter Codeigniter>=3.0<=3.1.13
Codeigniter Codeigniter=3.0
Codeigniter Codeigniter=3.0-rc
Codeigniter Codeigniter=3.0-rc2
Codeigniter Codeigniter=3.0-rc3
CVE-2022-40825
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function.
Codeigniter Codeigniter>=3.0<=3.1.13
Codeigniter Codeigniter=3.0
Codeigniter Codeigniter=3.0-rc
Codeigniter Codeigniter=3.0-rc2
Codeigniter Codeigniter=3.0-rc3
CVE-2022-39284
CVE-2022-39284: Config\Cookie Secure or HttpOnly flag not set in CodeIgniter4
composer/codeigniter4/framework<4.2.7
Codeigniter Codeigniter>=4.0.0<4.2.7
CVE-2022-35943
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF prote...
Codeigniter Codeigniter<4.2.3
CodeIgniter Shield=1.0.0-beta
CVE-2022-24712
CVE-2022-24712: Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
composer/codeigniter4/framework<4.1.9
Codeigniter Codeigniter>=4.0.0<4.1.9
CVE-2022-24711
### Impact This vulnerability allows attackers to execute CLI routes via HTTP request. ### Patches Upgrade to v4.1.9 or later. ### Workarounds None. ### For more information If you have any questio...
composer/codeigniter4/framework<4.1.9
Codeigniter Codeigniter>=4.0.0<4.1.9
composer/codeigniter4/framework<4.1.9
CVE-2022-21715
### Impact Cross-Site Scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4. Attackers can do XSS attacks if you are using `API\ResponseTrait`. ### Patches Upgrade to v4.1.8 ...
composer/codeigniter4/framework<4.1.8
Codeigniter Codeigniter>=4.0.0<4.1.8
composer/codeigniter4/framework<4.1.8
CVE-2022-21647
### Impact Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execu...
composer/codeigniter4/framework<4.1.6
Codeigniter Codeigniter>=4.0.0<4.1.6
composer/codeigniter4/framework<4.1.6
CVE-2020-10793
CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the iss...
Codeigniter Codeigniter<=4.0.0
composer/codeigniter4/framework<=4.0.0
<=4.0.0
CVE-2012-1915
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks.
Codeigniter Codeigniter<2.1.2
CVE-2018-12071
A Session Fixation issue exists in CodeIgniter before 3.1.9 because `session.use_strict_mode` in the Session Library was mishandled.
composer/codeigniter/framework<3.1.9
Codeigniter Codeigniter<3.1.9

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203