Codeigniter Security Vulnerabilities (CVEs)

Track 9 security vulnerabilities affecting Codeigniter products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

3 Critical

5 High

1 Medium

Sort by:

🔔 Get Alerts for Codeigniter

CVE-2025-54418 9.8

This CVE describes a command injection vulnerability in CodeIgniter's ImageMagick handler that allows remote code execution. Applications using ImageM...

Jul 28, 2025

CVE-2025-24013 5.3

CodeIgniter versions before 4.5.8 lack proper validation for HTTP header names and values, allowing attackers to craft malformed headers. This can dis...

Jan 20, 2025

CVE-2024-41344 7.5

This CSRF vulnerability in CodeIgniter 3.1.13 allows attackers to trick authenticated administrators into unknowingly changing their own passwords. At...

Oct 15, 2024

CVE-2024-29904 7.5

A denial-of-service vulnerability in CodeIgniter's Language class allows attackers to trigger excessive memory consumption on servers. This affects al...

Mar 29, 2024

CVE-2023-46240 7.5

CodeIgniter4 versions before 4.4.3 display detailed error reports in production environments when errors or exceptions occur, potentially leaking sens...

Oct 31, 2023

CVE-2023-32692 9.8

CVE-2023-32692 is a critical remote code execution vulnerability in CodeIgniter's Validation library. Attackers can execute arbitrary PHP code by expl...

May 30, 2023

CVE-2023-27580 7.5

CodeIgniter Shield versions before v1.0.0-beta.4 improperly store passwords by using SHA-384 hashing without salt before bcrypt, making password crack...

Mar 13, 2023

CVE-2022-24711 9.4

CVE-2022-24711 is an improper input validation vulnerability in CodeIgniter4 that allows attackers to execute CLI (Command Line Interface) routes via ...

Feb 28, 2022

CVE-2022-21647 7.7

CVE-2022-21647 is a deserialization vulnerability in CodeIgniter4's old() function that allows remote attackers to inject arbitrary objects and potent...

Jan 4, 2022

Why Monitor Codeigniter Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 9+ known vulnerabilities affecting Codeigniter products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Codeigniter packages in under 60 seconds. No agents required - completely agentless scanning that works across Codeigniter deployments.

Free vulnerability database: Access detailed information about every Codeigniter CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Codeigniter CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Codeigniter CVEs Free