PT-2024-24229

Name of the Vulnerable Software and Affected Versions Ecommerce-CodeIgniter-Bootstrap version d22b54e8915f167a135046ceb857caaf8479c4da Description The issue allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders model.php component. This is ...

CVE-2024-31821

CVE-2024-31821 affects Ecommerce-CodeIgniter-Bootstrap. The issue is a SQL Injection in the manageQuantitiesAndProcurement method of the Orders_model.php component, triggered by commit d22b54e8915f167a135046ceb857caaf8479c4da. This allows a remote attacker to potentially execute arbitrary code. T...

CVE-2024-31822

The CVE-2024-31822 issue affects Ecommerce-CodeIgniter-Bootstrap and is triggered by the saveLanguageFiles method in the Languages.php component (commit d22b54e8915f167a135046ceb857caaf8479c4da). The vulnerability allows a remote attacker to execute arbitrary code, with a CVSS v3.1 base score of ...

CVE-2024-31823

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component...

CVE-2024-31821

SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Ordersmodel.php component...

CodeIgniter4 DoS Vulnerability

Impact A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Patches Upgrade to v4.4.7 or later. See upgrading guide. Workarounds - Disabling Auto Routing prevents a known...

CVE-2024-29904

CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later...

CVE-2024-29904 CodeIgniter4 Language class DoS Vulnerability

CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later...

CVE-2024-29904 CodeIgniter4 Language class DoS Vulnerability

CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later...

CVE-2024-29904 CodeIgniter4 Language class DoS Vulnerability

CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later...

CVE-2024-29904

CVE-2024-29904 affects CodeIgniter4, specifically the Language class. The DoS vulnerability arises from how messages are formatted in the language component, allowing memory exhaustion on the server when processing inputs. The issue is documented across multiple sources (NVD/Red Hat/Veracode and ...

CodeIgniter 安全漏洞

CodeIgniter is an open source web framework written in the PHP language. A security vulnerability exists in CodeIgniter v4.4.7 and earlier versions, which stems from a security issue contained in the Language class, and can be exploited by an attacker to consume large amounts of server memory...

PT-2024-23125 · Unknown · Codeigniter

Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.4.7 Description: A vulnerability was found in the Language class that allowed DoS attacks, which can be exploited by an attacker to consume a large amount of memory on the server. Recommendations: Upgrade to...

BIT-CODEIGNITER-2020-10793

CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown...

BIT-CODEIGNITER-2022-21647

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a...

BIT-CODEIGNITER-2022-24712

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery CSRF protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for...

BIT-CODEIGNITER-2022-35943

Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect, e.g., XSS control over a...

BIT-CODEIGNITER-2022-39284

CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...

BIT-CODEIGNITER-2022-46170

CodeIgniter is a PHP full-stack web framework. When an application uses 1 multiple session cookies e.g., one for user pages and one for admin pages and 2 a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie e.g., one for user...

BIT-CODEIGNITER-2023-32692

CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they...