Dec 22, 2022 - 7:15 p.m.

CVE-2022-23556

2022-12-22 19:15:09
CWE-345
GitHub_M
web.nvd.nist.gov
codeigniter, php, framework, vulnerability, ip spoofing, patch, security, nvd

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 7.4
Confidence: High

EPSS: 0.001
Percentile: 30.6%

CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched; upgrade to version 4.2.11 or later and configure Config\App::$proxyIPs. As a workaround, do not use $request->getIPAddress().

Affected configurations

Node: codeigniter codeigniter, Range 4.0.0 to 4.2.11

Vendor: codeigniter
Product: codeigniter
Version: *
CPE: cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "codeigniter4",
    "product": "CodeIgniter4",
    "versions": [
      {
        "version": "< 4.2.11",
        "status": "affected"
      }
    ]
  }
]
