Code injection
The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie...
CVE-2007-3707
Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter...
CVE-2007-3708
Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function...
CVE-2007-3709
CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header...
CVE-2007-3706
The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie...
CVE-2007-3708
CodeIgniter 1.5.3 before 20070626 is affected by a cross-site scripting (XSS) vulnerability due to insufficient sanitization in the xss_clean function. The issue allows remote attackers to inject arbitrary script/HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an un...
CVE-2007-3709
The CVE-2007-3709 entry concerns a CRLF injection in CodeIgniter 1.5.3. The vulnerability lies in the redirect function of url_helper.php, where an unspecified parameter can be tainted to inject arbitrary HTTP headers via CRLF sequences, as demonstrated by a Set-Cookie header. Affected product/ve...
CVE-2007-3707
The CVE-2007-3707 entry concerns a directory traversal in CodeIgniter 1.5.3 prior to 20070628 when enable_query_strings is enabled. An attacker can read arbitrary files using a dot-dot in the c parameter, potentially exposing sensitive data. The vulnerability is triggered in index.php and is tied...
CVE-2007-3706
The CVE-2007-3706 entry relates to CodeIgniter 1.5.3 before 20070628, where the _sanitize_globals function can allow a remote attacker to unset arbitrary global variables, demonstrated via a _SERVER cookie. This indicates a vulnerability in the input sanitization routine affecting global state, w...
codeigniter-multi.txt
CodeIgniter is a powerful PHP framework with a very small footprint, built for PHP coders who need a simple and elegant toolkit to create full-featured web applications. http://www.codeigniter.com 1. _sanitize_globals global variables unsetting By setting e.g. "_SERVER=anonymous" cookie in the...
CodeIgniter 1.5.3 vulnerabilities
CodeIgniter is a powerful PHP framework with a very small footprint, built for PHP coders who need a simple and elegant toolkit to create full-featured web applications. http://www.codeigniter.com 1. _sanitize_globals global variables unsetting By setting e.g. "_SERVER=anonymous" cookie in the...