CodeIgniter: Vulnerable JavaScript library
Hi @codeigniter, Description: You are using a vulnerable JavaScript library. One or more vulnerabilities were reported for this version of the JavaScript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported...
FreeBSD : codeigniter -- multiple vulnerabilities (496160d3-d3be-11e6-ae1b-002590263bf5)
The CodeIgniter changelog reports: Fixed a number of new vulnerabilities in Security Library method xss_clean(). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2018 Jacques...
FreeBSD : codeigniter -- multiple vulnerabilities (5e439ee7-d3bd-11e6-ae1b-002590263bf5)
The CodeIgniter changelog reports: Fixed a SQL injection in the 'odbc' database driver. Updated set_realpath() Path Helper function to filter out php:// wrapper inputs. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from th...
NodCMS Installer Client-Side Cross Site Scripting
Exploit Title: NodCMS Installer - Multiple Cross Site Web Vulnerability. Date Discovered: 2016-11-10. Affected Products: NodCMS Installer - Content Management System. Exploitation Technique: Remote. Severity Level: Low. Tested OS: Windows 10...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Fixed a number of new vulnerabilities in Security Library method xss_clean()...
CodeIgniter: Link sanitation bypass in xss_clean()
Hi there, While researching a website that uses your framework's xss_clean() function to sanitize users' input in comments, I was able to bypass it and could trigger XSS payloads using javascript links in allowed tags such as anchors. This could be achieved by using the new HTML5 standard entities suc...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Fixed an SQL injection in the 'odbc' database driver. Updated set_realpath() Path Helper function to filter out php:// wrapper inputs...
FineCMS Enterprise Email Parameter SQL Injection Vulnerability
FineCMS is a small and medium-sized content management system based on PHP, MySQL and the CodeIgniter (CI) framework. An SQL injection vulnerability exists in the email parameter of FineCMS Enterprise Edition: the program fails to adequately filter the email parameter, allowing attackers to exploit the vulnerability...
CodeIgniter: Web Server Disclosure
I would like to report an exposure of your web server kindly browse https://www.codeigniter.com/.htaccess...
CodeIgniter framework core design flaw may lead to arbitrary code execution
Brief description: In preparation for the WooYun Shenzhen salon, I prepared a few 0days as case studies. The vendor acknowledges this issue and says a patch will be released, but is unwilling to admit it is a "vulnerability"... it doesn't matter anyway, either way there are no dollars in it. Detailed description: When CI loads a template, it calls $this->load->view('templatename', $data); In the core, look at the source of the view function: /system/core/Loader.php public function view($view, $vars = array(), $return = FALSE) { return $this->_ci_load(array('_ci_view' => $view, '_ci_vars' =>...
FreeBSD : codeigniter -- multiple vulnerabilities (698403a7-803d-11e5-ab94-002590263bf5)
The CodeIgniter changelog reports: Fixed an XSS attack vector in Security Library method xss_clean(). Changed Config Library method base_url() to fall back to $_SERVER['SERVER_ADDR'] in order to avoid Host header injections. Changed CAPTCHA Helper to try to use the operating system's PRNG first...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Fixed an XSS attack vector in Security Library method xss_clean(). Changed Config Library method base_url() to fall back to $_SERVER['SERVER_ADDR'] in order to avoid Host header injections. Changed CAPTCHA Helper to try to use the operating system's PRNG first...
XSS attack vector in Security Library method xss_clean()
More info at https://www.codeigniter.com/userguide/changelog.html#version-3-0-3...
FreeBSD : codeigniter -- multiple XSS vulnerabilities (95602550-76cf-11e5-a2a1-002590263bf5)
The CodeIgniter changelog reports: Fixed a number of XSS attack vectors in Security Library method xss_clean(), thanks to Frans Rosén from Detectify. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...
Multiple XSS Filter Bypasses
Overview: Versions of validator prior to 1.1.0 are affected by several cross-site scripting vulnerabilities due to bypasses discovered in the denylist-based filter. Proof of Concept: Various inputs that could bypass the filter were discovered. Improper parsing of nested tags: This is a test...
codeigniter -- multiple XSS vulnerabilities
The CodeIgniter changelog reports: Fixed a number of XSS attack vectors in Security Library method xss_clean(), thanks to Frans Rosén from Detectify...
FreeBSD : codeigniter -- multiple vulnerabilities (c21f4e61-6570-11e5-9909-002590263bf5)
The CodeIgniter changelog reports: Security: Added HTTP 'Host' header character validation to prevent cache poisoning attacks when base_url auto-detection is used. Security: Added FSCommand and seekSegmentTime to the 'evil attributes' list in CI_Security::xss_clean(). (C) Tenable...
FreeBSD : codeigniter -- SQL injection vulnerability (b7d785ea-656d-11e5-9909-002590263bf5)
The CodeIgniter changelog reports: An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection. An incompatibility in PHP versions 5.0.7 with mysql_set_charset() creates a...
FreeBSD : codeigniter -- mysql database driver vulnerability (01bce4c6-6571-11e5-9909-002590263bf5)
The CodeIgniter changelog reports: Security: Removed a fallback to mysql_escape_string() in the mysql database driver's escape_str() method when there's no active database connection. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...