995 matches found
Design/Logic Flaw
CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...
Session fixation
CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie (e.g., one for user...
CVE-2022-46170 CodeIgniter is vulnerable to improper authentication via Session Handlers
CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie (e.g., one for user...
CVE-2022-46170 CodeIgniter is vulnerable to improper authentication via Session Handlers
CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie (e.g., one for user...
CVE-2022-46170
CodeIgniter (CodeIgniter4) documentation describes a vulnerability where an application using multiple session cookies (e.g., user and admin pages) and a session handler set to DatabaseHandler, MemcachedHandler, or RedisHandler allows an attacker who obtains one session cookie to access pages req...
CVE-2022-46170 CodeIgniter is vulnerable to improper authentication via Session Handlers
CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie (e.g., one for user...
CVE-2022-23556
CodeIgniter (PHP full-stack framework) contains CVE-2022-23556, a vulnerability that may allow an attacker to spoof the client IP address when the server is behind a reverse proxy. The issue has been patched; upgrade to CodeIgniter 4.2.11 or later and configure Config\App::$proxyIPs. As a workaro...
CVE-2022-23556 CodeIgniter is vulnerable to IP address spoofing when using proxy
CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...
CVE-2022-23556 CodeIgniter is vulnerable to IP address spoofing when using proxy
CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...
CVE-2022-23556 CodeIgniter is vulnerable to IP address spoofing when using proxy
CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...
PT-2022-16071 · Unknown · Codeigniter
Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.2.11 Description: This issue may allow attackers to spoof their IP address when the server is behind a reverse proxy. Recommendations: For versions prior to 4.2.11, upgrade to version 4.2.11 or later, and...
CodeIgniter Authorization Issue Vulnerability
CodeIgniter is an open source web framework written in PHP. An authorization issue vulnerability exists in CodeIgniter versions prior to 4.2.11, which stems from an attacker obtaining a session cookie when the application uses multiple session cookies, and the session handler is set to...
CodeIgniter Data Forgery Issue Vulnerability
CodeIgniter is an open source web framework written in PHP. CodeIgniter is vulnerable to a data forgery issue. An attacker exploits this vulnerability to spoof its IP address...
PT-2022-27784 · Unknown · Codeigniter
Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.2.11 Description: The issue arises when an application uses multiple session cookies and a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler. If an attacker obtains one session cookie...
starter-public-edition-4 Security Vulnerability
starter-public-edition-4 is a CodeIgniter-based PHP application for beginners by the individual developer Ivan Tcholakov. A security vulnerability exists in starter-public-edition-4 version 4.6.10 and earlier versions. An attacker exploits the vulnerability to perform cross-site scripting attacks...
CVE-2022-41446
An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data...
Design/Logic Flaw
An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data...
CVE-2022-41446
An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data...
PT-2022-25876 · Unknown · Record Management System +1
Name of the Vulnerable Software and Affected Versions: Record Management System using CodeIgniter version 1.0 Description: The issue allows attackers to access and modify user data due to an access control problem in the /Admin/dashboard.php endpoint. Recommendations: For Record Management System...
CVE-2022-41446
CVE-2022-41446 is an access control vulnerability in Record Management System using CodeIgniter v1.0. The issue resides in /Admin/dashboard.php, enabling attackers to access and modify user data due to improper access control. Affects CodeIgniter-based Teachers/Record Management System v1.0; CVSS...