📦 Codeigniter

by Codeigniter

⚠️ Known Vulnerabilities

CVE-2025-54418

CRITICAL CVSS 9.8 Jul 28, 2025

This CVE describes a command injection vulnerability in CodeIgniter's ImageMagick handler that allows remote code execution. Applications using ImageMagick with user-controlled filenames or text cont...

CVE-2023-32692

CRITICAL CVSS 9.8 May 30, 2023

CVE-2023-32692 is a critical remote code execution vulnerability in CodeIgniter's Validation library. Attackers can execute arbitrary PHP code by exploiting validation placeholders in form validation ...

CVE-2022-24711

CRITICAL CVSS 9.4 Feb 28, 2022

CVE-2022-24711 is an improper input validation vulnerability in CodeIgniter4 that allows attackers to execute CLI (Command Line Interface) routes via HTTP requests. This affects all CodeIgniter4 insta...

CVE-2024-41344

HIGH CVSS 7.5 Oct 15, 2024

This CSRF vulnerability in CodeIgniter 3.1.13 allows attackers to trick authenticated administrators into unknowingly changing their own passwords. Attackers can then take over administrator accounts ...

CVE-2024-29904

HIGH CVSS 7.5 Mar 29, 2024

A denial-of-service vulnerability in CodeIgniter's Language class allows attackers to trigger excessive memory consumption on servers. This affects all CodeIgniter4 applications using the vulnerable L...

CVE-2023-46240

HIGH CVSS 7.5 Oct 31, 2023

CodeIgniter4 versions before 4.4.3 display detailed error reports in production environments when errors or exceptions occur, potentially leaking sensitive information like database credentials, file ...

CVE-2022-21647

HIGH CVSS 7.7 Jan 4, 2022

CVE-2022-21647 is a deserialization vulnerability in CodeIgniter4's old() function that allows remote attackers to inject arbitrary objects and potentially execute PHP code on the server. This affects...

CVE-2025-24013

MEDIUM CVSS 5.3 Jan 20, 2025

CodeIgniter versions before 4.5.8 lack proper validation for HTTP header names and values, allowing attackers to craft malformed headers. This can disrupt application functionality, cause errors, or g...