codeigniter -- input validation bypass
The CodeIgniter changelog reports: Form Validation Library rule valid_email could be bypassed if idn_to_ascii() is available...
CICMS V2.1 suffers from sql injection vulnerability
The CICMS system is developed in PHP and MySQL, is based on CodeIgniter, and is mainly used for enterprise building. CICMS V2.1 suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to obtain the server's password...
FreeBSD : codeigniter -- multiple vulnerabilities (df0144fb-295e-11e7-970f-002590263bf5)
The CodeIgniter changelog reports: Fixed a header injection vulnerability in common function set_status_header() under Apache (thanks to Guillermo Caminer from Flowgate). Fixed byte-safety issues in Encrypt Library (DEPRECATED) when mbstring.func_overload is enabled. Fixed byte-safety issues in Encryptio...
Seagate Business NAS - Unauthenticated Remote Command Execution Exploit
Exploit for linux platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class MetasploitModule 'Seagate Business NAS Unauthenticated Remote...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Fixed a header injection vulnerability in common function set_status_header() under Apache (thanks to Guillermo Caminer from Flowgate). Fixed byte-safety issues in Encrypt Library (DEPRECATED) when mbstring.func_overload is enabled. Fixed byte-safety issues in Encryption...
FreeBSD : codeigniter -- multiple vulnerabilities (71ebbc50-01c1-11e7-ae1b-002590263bf5)
The CodeIgniter changelog reports: Fixed an XSS vulnerability in Security Library method xss_clean(). Fixed a possible file inclusion vulnerability in Loader Library method vars(). Fixed a possible remote code execution vulnerability in the Email Library when 'mail' or 'sendmail' are used thanks to...
Takas Classified 1.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Takas Classified – Codeigniter PHP Classified Ad Script v1.1 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://artifectx.com/ Software Buy:...
Takas Classified Cogeigniter PHP Classified Ad Script 1.1 SQL Injection
Exploit Title: Takas Classified a Codeigniter PHP Classified Ad Script v1.1 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://artifectx.com/ Software Buy: https://codecanyon.net/item/takas-classified-codeigniter-php-classified-ad-script/15227824 Demo:...
Takas Classified 1.1 - SQL Injection
Takas Classified 1.1 - SQL Injection Exploit Title: Takas Classified – Codeigniter PHP Classified Ad Script v1.1 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://artifectx.com/ Software Buy:...
Takas Classified 1.1 - SQL Injection
Exploit Title: Takas Classified – Codeigniter PHP Classified Ad Script v1.1 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://artifectx.com/ Software Buy: https://codecanyon.net/item/takas-classified-codeigniter-php-classified-ad-script/15227824 Demo:...
PHPback Cross Site Scripting / SQL Injection
Exploit Title :PHPback alertdocument.cookie; in title parameter title="alertdocument.location; SQLI Screenshot https://cloud.githubusercontent.com/assets/10351062/14776703/c9440524-0ae5-11e6-9240-a37a685a72b1.png XSS screenshot https://cloud.githubusercontent.com/as...
PHPBack 1.3.1 - SQL Injection Cross-Site Scripting
PHPBack 1.3.1 - SQL Injection Cross-Site Scripting Exploit Title :PHPback alertdocument.cookie; in title parameter title="alertdocument.location; SQLI Screenshot https://cloud.githubusercontent.com/assets/10351062/14776703/c9440524-0ae5-11e6-9240-a37a685a72b1.png XSS screenshot...
PHPBack 1.3.1 - SQL Injection / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title :PHPback alertdocument.cookie; in title parameter title="alertdocument.location; SQLI Screenshot https://cloud.githubusercontent.com/assets/10351062/14776703/c9440524-0ae5-11e6-9240-a37a685a72b1.png...
PHPBack < 1.3.1 - SQL Injection / Cross-Site Scripting
Exploit Title :PHPback alertdocument.cookie; in title parameter title="alertdocument.location; SQLI Screenshot https://cloud.githubusercontent.com/assets/10351062/14776703/c9440524-0ae5-11e6-9240-a37a685a72b1.png XSS screenshot https://cloud.githubusercontent.com/assets/103510...
EllisLab CodeIgniter Arbitrary Code Execution Vulnerability
EllisLab CodeIgniter is an application development framework and toolkit for PHP web developers, from the United States company EllisLab. A security vulnerability exists in the system/libraries/Email.php file in EllisLab CodeIgniter versions prior to 3.1.3. A remote attacker can exploit...
CVE-2016-10131
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email-from field to insert sendmail command-line arguments...
Code injection
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email-from field to insert sendmail command-line arguments...
CVE-2016-10131
CodeIgniter prior to 3.1.3 is affected by CVE-2016-10131 via the file system/libraries/Email.php: an attacker who can control the email->from field can insert sendmail command-line arguments, enabling remote arbitrary code execution. Affected component: system/libraries/Email.php in CodeIgnite...