995 matches found

BDU FSTEC
added 2025/02/17 12:0 a.m. · 5 views

The vulnerability of the Header MVC framework for developing web systems and applications in CodeIgniter allows an attacker to trigger a service failure.

The vulnerability of the Header MVC framework used for developing web systems and applications in CodeIgniter relates to conflicts in interpretation when processing HTTP headers’ names and values. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

CVSS 5.3 · AI score 5.4 · EPSS 0.00477
Exploits: 0 · References: 5 · Affected Software: 1
RedhatCVE
added 2025/02/06 1:4 a.m. · 8 views

CVE-2022-21647

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a...

CVSS 9.8 · AI score 8 · EPSS 0.37671
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 11:27 p.m. · 8 views

CVE-2022-23556

CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...

CVSS 7.5 · AI score 6.7 · EPSS 0.00373
Exploits: 1 · References: 1
RedhatCVE
added 2025/02/05 8:58 p.m. · 9 views

CVE-2022-46170

CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie (e.g., one for user...

CVSS 9.8 · AI score 6.7 · EPSS 0.00841
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 7:53 a.m. · 7 views

CVE-2024-29904

CodeIgniter is a PHP full-stack web framework. A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later...

CVSS 7.5 · AI score 6.7 · EPSS 0.00773
Exploits: 0 · References: 1
Snyk
added 2025/01/21 9:13 p.m. · 5 views

Interpretation Conflict

Overview: codeigniter4/framework is a PHP full-stack web framework that is light, fast, flexible, and secure. Affected versions of this package are vulnerable to Interpretation Conflict due to a lack of validations of the header name and value. Workaround: Users who are unable to upgrade to the fix...

CVSS 6.9 · AI score 7 · EPSS 0.00477
Exploits: 0 · References: 2
NVD
added 2025/01/20 4:15 p.m. · 16 views

CVE-2025-24013

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or...

CVSS 5.3 · EPSS 0.00477
Exploits: 0 · References: 4
Vulnrichment
added 2025/01/20 3:57 p.m. · 14 views

CVE-2025-24013 CodeIgniter validation of header name and value

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or...

CVSS 5.3 · AI score 6.9 · EPSS 0.00477
Exploits: 0 · References: 4
Cvelist
added 2025/01/20 3:57 p.m. · 19 views

CVE-2025-24013 CodeIgniter validation of header name and value

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or...

CVSS 5.3 · EPSS 0.00477
Exploits: 0 · References: 4
CVE
added 2025/01/20 3:57 p.m. · 64 views

CVE-2025-24013

CodeIgniter (PHP full‑stack framework) has a header validation issue prior to version 4.5.8 in the Header class, allowing construction of deliberately malformed HTTP headers. This could disrupt application functionality and potentially produce invalid HTTP requests; in some cases, remote service ...

CVSS 5.3 · AI score 6.9 · EPSS 0.00477
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2025/01/20 3:57 p.m. · 11 views

CVE-2025-24013 CodeIgniter validation of header name and value

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or...

CVSS 5.3 · AI score 6.7 · EPSS 0.00477
Exploits: 0 · References: 6
CNNVD
added 2025/01/20 12:0 a.m. · 4 views

CodeIgniter Security Vulnerability

CodeIgniter is a lightweight, fast, flexible and secure PHP full-stack web framework open-sourced by Codeigniter. A security vulnerability exists in CodeIgniter versions prior to 4.5.8 that stems from improper validation of HTTP header names and values, which could result in an application error ...

CVSS 5.3 · AI score 6.3 · EPSS 0.00477
Exploits: 0 · References: 5
OSV
added 2024/10/15 7:15 p.m. · 2 views

CVE-2024-41344

A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges...

CVSS 7.5 · AI score 5.8 · EPSS 0.00223
Exploits: 1 · References: 1
NVD
added 2024/10/15 7:15 p.m. · 21 views

CVE-2024-41344

A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges...

CVSS 7.5 · EPSS 0.00223
Exploits: 1 · References: 1
Vulnrichment
added 2024/10/15 12:0 a.m. · 19 views

CVE-2024-41344

A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges...

AI score 7.4 · EPSS 0.00223
Exploits: 1 · References: 1
CNNVD
added 2024/10/15 12:0 a.m. · 3 views

CodeIgniter Security Vulnerability

CodeIgniter is a lightweight, fast, flexible and secure PHP full-stack web framework open-sourced by Codeigniter. A security vulnerability exists in CodeIgniter version 3.1.13, which stems from the inclusion of a cross-site request forgery issue. An attacker can use this vulnerability to change t...

CVSS 7.5 · AI score 6.9 · EPSS 0.00223
Exploits: 1 · References: 2
Cvelist
added 2024/10/15 12:0 a.m. · 17 views

CVE-2024-41344

A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges...

EPSS 0.00223
Exploits: 1 · References: 1
Positive Technologies
added 2024/10/15 12:0 a.m. · 4 views

PT-2024-29362 · Unknown · Codeigniter

Name of the Vulnerable Software and Affected Versions: Codeigniter version 3.1.13. Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to arbitrarily change the Administrator password and escalate privileges. Recommendations: For Codeigniter version 3.1.13, update to a newer...

CVSS 7.5 · AI score 7.5 · EPSS 0.00223
Exploits: 1 · References: 7
CVE
added 2024/10/15 12:0 a.m. · 58 views

CVE-2024-41344

CVE-2024-41344 describes a Cross-Site Request Forgery (CSRF) in CodeIgniter 3.1.13 that allows an attacker to arbitrarily change the Administrator password and escalate privileges. The root cause details are not explicitly provided beyond the CSRF flaw. Impact is described as high (C/H/I/H) with ...

CVSS 7.5 · AI score 7.7 · EPSS 0.00223
Exploits: 1 · References: 1 · Affected Software: 1
0day.today
added 2024/09/11 12:0 a.m. · 357 views

ASIS 3.2.0 SQL Injection Vulnerability

Aplikasi Sistem Sekolah using CodeIgniter 3 versions 3.0.0 through 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass...

CVSS 9.8 · AI score 10 · EPSS 0.3605
Exploits: 3