995 matches found
CVE-2020-25091
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php...
CVE-2020-25091
CVE-2020-25091 : XSS in Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 due to lack of proper validation in application/modules/vendor/views/add_product.php. Multiple sources corroborate the issue; CNVD notes the root cause as missing input validation. No patch/version remediation is specified ...
CVE-2020-25092
CVE-2020-25092 affects Ecommerce-CodeIgniter-Bootstrap. The vulnerability is an XSS issue located in _parts/header.php and in the templates at application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel. The public records indicate thi...
CVE-2020-25092
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel...
CVE-2020-25093
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel...
CVE-2020-25093
The CVE-2020-25093 entry concerns an XSS vulnerability in Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03. The affected area is blog.php within the templates: clothesshop, onepage, and redlabel. The underlying issue is a cross-site scripting flaw that allows input to be echoed without proper ...
EulerOS 2.0 SP5 : libjpeg-turbo (EulerOS-SA-2020-1939)
According to the versions of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In IJG JPEG aka libjpeg before 9d, jpeg_mem_available in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing...
CVE-2020-16610
Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces an authenticated admin user to visit a malicious web page, any accounts can be deleted without the admin user's intention...
CVE-2020-16610
CVE-2020-16610 affects Hoosk CMS (CodeIgniter-based) prior to version 1.7.2. A CSRF flaw allows an attacker to induce an authenticated admin to visit a malicious page, resulting in accounts being deleted without the admin’s consent. CVSS v3.1 base score 4.3 (Medium); attack vector: Network; privi...
Code Execution Vulnerability in Xunrui CMS
Xunrui CMS is a free, open source web content management framework written in PHP7 that uses the latest CodeIgniter4 as its development framework. Code execution vulnerabilities exist in XunRui CMS. An attacker can exploit the vulnerability to execute arbitrary code...
File Upload Vulnerability in CMS Ap***.php File
Xunrui CMS is a free, open source web content management framework written in PHP7 that uses the latest CodeIgniter4 as its development framework. A file upload vulnerability exists in the XunRui CMS Ap***.php file. Attackers can use the vulnerability to upload a webshell, get server...
labels.com.np Cross Site Request Forgery vulnerability
Open Bug Bounty ID: OBB-1157691. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
CodeIgniter Elevation of Privilege Vulnerability
CodeIgniter is an open source web framework written in the PHP language. A security vulnerability exists in CodeIgniter 4.0.0 and earlier versions. A remote attacker can exploit the vulnerability to gain privileges...
CVE-2020-10793
CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown...
Design/Logic Flaw
CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown...
CVE-2020-10793
CodeIgniter vulnerability CVE-2020-10793 affects CodeIgniter up to version 4.0.0, allowing remote privilege escalation by manipulating the Email ID on the "Select Role of the User" page. Some sources argue the issue stems from a custom module/plugin rather than the framework itself. Public detail...
PT-2020-12327 · Ellislab · Codeigniter
Name of the Vulnerable Software and Affected Versions: CodeIgniter versions through 4.0.0 Description: The issue allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. However, it is argued by a contributor to the CodeIgniter framework that the...