177 matches found
CVE-2026-25509
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
CVE-2026-25510
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution (RCE) by leveraging the file creation and sav...
EUVD-2026-5162
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution (RCE) by leveraging the file creation and sav...
CVE-2026-25510 CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution (RCE) by leveraging the file creation and sav...
CVE-2026-25509 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
CVE-2026-25509
CI4MS is a CodeIgniter 4–based CMS skeleton. A vulnerability in the authentication flow allows unauthenticated attackers to enumerate registered emails via password-reset responses, by differentiating between existing vs non-existing emails. The issue is documented across multiple feeds (NVD, Red...
PT-2026-6301
Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.28.5.0 Description: CI4MS, a CodeIgniter 4-based CMS skeleton, contains a flaw in its authentication implementation that allows an unauthenticated attacker to determine if an email address is registered within the...
CodeIgniter Cross-Site Scripting Vulnerability
CodeIgniter is an open source web framework written in the PHP language. CodeIgniter 4 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...
PT-2022-15060 · Unknown · Codeigniter4
Name of the Vulnerable Software and Affected Versions: CodeIgniter4 versions prior to 4.1.8 Description: A cross-site scripting (XSS) issue was found in APIResponseTrait in CodeIgniter4. Attackers can perform XSS attacks if a potential victim is using APIResponseTrait. Recommendations: For versions...
Code Execution Vulnerability in Xunrui CMS
Xunrui CMS is a free, open-source web content management framework written in PHP 7 that uses the latest CodeIgniter4 as its development framework. Code execution vulnerabilities exist in Xunrui CMS. An attacker can exploit the vulnerability to execute arbitrary code...
File Upload Vulnerability in CMS Ap***.php File
Xunrui CMS is a free, open-source web content management framework written in PHP 7 that uses the latest CodeIgniter4 as its development framework. A file upload vulnerability exists in the Ap.php file of Xunrui CMS. Attackers can use the vulnerability to upload webshell, get server...
Command Execution Vulnerability in Xunrui CMS V4.3.4 at Sichuan Xunrui Cloud Software Development Co.
Xunrui CMS is a free, open-source web content management framework written in PHP 7 that uses the latest CodeIgniter4 as its development framework. Xunrui CMS V4.3.4 from Sichuan Xunrui Cloud Software Development Co., Ltd. has a command execution vulnerability, attacke...