Vulmon
codeigniter codeigniter vulnerabilities and exploits
NA
CVE-2022-40831
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() function.
Codeigniter Codeigniter
Codeigniter Codeigniter 3.0
NA
CVE-2022-40834
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function.
Codeigniter Codeigniter
Codeigniter Codeigniter 3.0
NA
CVE-2022-35943
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechani...
Codeigniter Codeigniter
Codeigniter Shield 1.0.0
7.5
CVSSv2
CVE-2022-21647
CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the serv...
Codeigniter Codeigniter
6.5
CVSSv2
CVE-2020-10793
CodeIgniter up to and including 4.0.0 allows remote malicious users to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furtherm...
Codeigniter Codeigniter
7.5
CVSSv2
CVE-2016-10131
system/libraries/Email.php in CodeIgniter prior to 3.1.3 allows remote malicious users to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.
Codeigniter Codeigniter
NA
CVE-2022-46170
CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, then if an attacker gets one sessi...
Codeigniter Codeigniter
4.3
CVSSv2
CVE-2013-4891
The xss_clean function in CodeIgniter prior to 2.1.4 might allow remote malicious users to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag.
Codeigniter Codeigniter
7.5
CVSSv2
CVE-2015-5725
SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter prior to 2.2.4 allows remote malicious users to execute arbitrary SQL commands via vectors involving the offset variable.
Codeigniter Codeigniter
NA
CVE-2022-23556
CodeIgniter is a PHP full-stack web framework. This vulnerability may allow malicious users to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure `Config\App::$proxyIPs`. As a wor...
Codeigniter Codeigniter