995 matches found
GalleryCMS Cross-Site Scripting Vulnerability
GalleryCMS is a free image gallery CMS based on the CodeIgniter 2.1 framework from Aaron Benson, a US-based individual developer. GalleryCMS v2.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation in the albumname parameter in /index.php/album/add for...
GalleryCMS Cross-Site Scripting Vulnerability
GalleryCMS is a free image gallery CMS based on the CodeIgniter 2.1 framework from Aaron Benson, a US-based individual developer. GalleryCMS v2.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation in the albumname parameter in /index.php/album/add for...
Daylight Studio Fuel CMS Cross-Site Scripting Vulnerability
Daylight Studio Fuel CMS is a CodeIgniter-based content management system. A security vulnerability exists in Daylight Studio Fuel CMS 1.5.1 that allows HTML injection attacks...
CodeIgniter Cross-Site Request Forgery Vulnerability
CodeIgniter is an open source web framework written in PHP. A cross-site request forgery vulnerability exists in CodeIgniter because the product does not validate user identity. The vulnerability can be exploited to send unintended requests to the server. The following products and versions are...
CodeIgniter Input Validation Error Vulnerability
CodeIgniter is an open source web framework written in PHP. An input validation error vulnerability exists in CodeIgniter because the product does not effectively filter special characters in HTTP requests. The following products and versions are affected: versions prior to 4.1.9...
PT-2022-16821 · Unknown · Codeigniter4
Name of the Vulnerable Software and Affected Versions: CodeIgniter4 versions prior to 4.1.9. Description: The issue allows attackers to execute CLI routes via HTTP request due to improper input validation. There are currently no known workarounds for this issue. Recommendations: Upgrade to version...
PT-2022-16822 · Unknown · Codeigniter4
Name of the Vulnerable Software and Affected Versions: CodeIgniter4 versions prior to 4.1.9. Description: A vulnerability in CodeIgniter4 might allow remote attackers to bypass the Cross-Site Request Forgery (CSRF) protection mechanism. This issue can be exploited when auto-routing is enabled or...
FUEL CMS Cross-Site Scripting Vulnerability
FUEL CMS is a content management system (CMS) based on the CodeIgniter framework. Version 1.5.1 of FUEL CMS suffers from a cross-site scripting vulnerability, which stems from the lack of proper validation of client-side data by the web application. An attacker could exploit the vulnerability to...
PT-2022-15060 · Unknown · Codeigniter4
Name of the Vulnerable Software and Affected Versions: CodeIgniter4 versions prior to 4.1.8. Description: A cross-site scripting (XSS) issue was found in APIResponseTrait in CodeIgniter4. Attackers can perform XSS attacks if a potential victim is using APIResponseTrait. Recommendations: For versions...
CodeIgniter Cross-Site Scripting Vulnerability
CodeIgniter is an open source web framework written in the PHP language. CodeIgniter 4 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...
CodeIgniter Code Issue Vulnerability
CodeIgniter is an open source web framework written in PHP. CodeIgniter is vulnerable to a code issue that stems from the deserialization of untrusted data found in the old function of the software. A remote attacker could use the vulnerability to inject an arbitrary object with the vulnerability...
CVE-2022-21647
Summary of CVE-2022-21647 (CodeIgniter4): A deserialization of untrusted data flaw in CodeIgniter4's old() function enables remote attackers to inject auto-loadable objects and potentially execute PHP code, with downstream risk including SQL injection. The issue is evidenced across multiple so...
CVE-2022-21647 Deserialization of Untrusted Data in Codeigniter4
CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a...
CodeIgniter Code Issue Vulnerability
CodeIgniter is an open source web framework written in PHP. CodeIgniter is vulnerable to a code issue that stems from the deserialization of untrusted data found in the old function of the software. A remote attacker could use the vulnerability to inject an arbitrary object with the vulnerability...
CSCMS Security Vulnerability
CScms is a content management system (CMS) developed based on the CI framework. CScms v4.0 is vulnerable due to a lack of effective protection against brute force attacks in the software user login box, which can be exploited by attackers to hijack user accounts via brute force attacks...
Opmantek Open-AudIT Security Vulnerability
Opmantek Open-AudIT is an open source network discovery and auditing program from Opmantek USA. The program intelligently scans networks and network devices and provides status reports. A security vulnerability in Opmantek Open-AudIT prior to version 3.5.0, which originated in...
CVE-2021-40975
Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the searchtitle parameter...
CVE-2021-40975
Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the searchtitle parameter...
CVE-2021-40975
The CVE-2021-40975 entry concerns a Cross-site scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap. Affected component: application/modules/admin/views/ecommerce/products.php within Ecommerce-CodeIgniter-Bootstrap (CodeIgniter 3.1.11, Bootstrap 3.3.7). The root cause is unsanitized i...
Ecommerce-CodeIgniter-Bootstrap Cross-Site Scripting Vulnerability
Ecommerce-CodeIgniter-Bootstrap is a responsive, multi-vendor, multi-language online store platform shopping cart solution. A cross-site scripting vulnerability in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML vi...