CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
28.1%
CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace ini_set('display_errors', '0')
with ini_set('display_errors', 'Off')
in app/Config/Boot/production.php
.
Vendor | Product | Version | CPE |
---|---|---|---|
codeigniter | codeigniter | * | cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:* |
[
{
"vendor": "codeigniter4",
"product": "CodeIgniter4",
"versions": [
{
"version": "< 4.4.3",
"status": "affected"
}
]
}
]