50 matches found

NVD
added 2025/12/17 11:16 p.m. | 5 views

CVE-2025-68434

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Cross-Site Request Forgery (CSRF) vulnerability exists in the application's filter configuration. The CSRF protection...

8.8 CVSS | 0.0017 EPSS
Exploits 3 | References 4

Cvelist
added 2025/12/17 10:16 p.m. | 19 views

CVE-2025-68147 opensourcepos has a Cross-site Scripting vulnerability

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting (XSS) vulnerability exists in the "Return Policy" configuration field. The application doe...

8.1 CVSS | 0.00047 EPSS
Exploits 4 | References 3

Veracode
added 2025/08/11 9:25 a.m. | 2 views

Command Injection

codeigniter4/framework is vulnerable to Command Injection. The vulnerability is due to improper handling of user-controlled filenames and text content when using the ImageMagick imagick handler in the resize or text methods, which allows an attacker to execute arbitrary shell commands by supplyin...

9.8 CVSS | 7.9 AI score | 0.03881 EPSS
Exploits 0 | References 6 | Affected Software 1

RedhatCVE
added 2025/02/05 8:58 p.m. | 7 views

CVE-2022-46170

CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie (e.g., one for user...

9.8 CVSS | 6.7 AI score | 0.00311 EPSS
Exploits 0 | References 1

Snyk
added 2025/01/21 9:13 p.m. | 3 views

Interpretation Conflict

Overview: codeigniter4/framework is a PHP full-stack web framework that is light, fast, flexible, and secure. Affected versions of this package are vulnerable to Interpretation Conflict due to a lack of validations of the header name and value. Workaround: Users who are unable to upgrade to the fix...

6.9 CVSS | 7 AI score | 0.00191 EPSS
Exploits 0 | References 2

CNNVD
added 2024/09/02 12:0 a.m. | 3 views

ASIS Security Vulnerability

ASIS Aplikasi Sistem Sekolah using CodeIgniter is a school system application with the Codeigniter framework by the individual developer Mahmud siregar. A security vulnerability exists in ASIS versions 3.0.0 through 3.2.0 that stems from allowing a user to bypass authentication...

9.8 CVSS | 9 AI score | 0.57389 EPSS
Exploits 3 | References 2

CNNVD
added 2024/08/21 12:0 a.m. | 1 views

Mini Inventory and Sales Management System Security Vulnerability

Mini Inventory and Sales Management System is a small inventory and sales management system written in PHP CodeIgniter framework that supports MySQL and Sqlite3 databases. A security vulnerability exists in Mini Inventory and Sales Management System. An attacker can exploit this vulnerability to...

5.4 CVSS | 6.7 AI score | 0.00363 EPSS
Exploits 0 | References 2

CNNVD
added 2022/08/01 12:0 a.m. | 1 views

PyroCMS Cross-Site Scripting Vulnerability

PyroCMS is a lightweight open source content management system developed by an individual developer using the CodeIgniter framework. A cross-site scripting vulnerability exists in PyroCMS v3.9, which stems from being found to contain multiple cross-site scripting (XSS) vulnerabilities...

6.1 CVSS | 5.8 AI score | 0.00247 EPSS
Exploits 0 | References 3

CNNVD
added 2022/04/25 12:0 a.m. | 1 views

GalleryCMS Cross-Site Scripting Vulnerability

GalleryCMS is a free image gallery CMS based on the CodeIgniter 2.1 framework from Aaron Benson, a US-based individual developer. GalleryCMS v2.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation in the albumname parameter in /index.php/album/add for...

5.4 CVSS | 5.6 AI score | 0.00191 EPSS
Exploits 1 | References 3

CNNVD
added 2022/02/24 12:0 a.m. | 2 views

FUEL CMS Cross-Site Scripting Vulnerability

FUEL CMS is a content management system (CMS) based on the CodeIgniter framework. Version 1.5.1 of FUEL CMS suffers from a cross-site scripting vulnerability, which stems from the lack of proper validation of client-side data by the web application. An attacker could exploit the vulnerability to...

5.4 CVSS | 5.4 AI score | 0.00191 EPSS
Exploits 1 | References 2

CNNVD
added 2021/12/27 12:0 a.m. | 1 views

CSCMS Security Vulnerability

CScms is a content management system (CMS) developed based on the CI framework. cscms v4.0 is vulnerable due to a lack of effective protection against brute force attacks in the software user login box, which can be exploited by attackers to hijack user accounts via brute force attacks...

9.8 CVSS | 5.6 AI score | 0.00339 EPSS
Exploits 1 | References 2

CNNVD
added 2021/09/09 12:0 a.m. | 2 views

FUEL-CMS Access Control Error Vulnerability

FUEL CMS is a CodeIgniter-based content management system. A brute-force cracking vulnerability exists in fuel/modules/fuel/controllers/Login.php in Fuel CMS version 1.5.0. An attacker can use this vulnerability to brute-force the administrator's email address...

5.3 CVSS | 5.6 AI score | 0.00172 EPSS
Exploits 0 | References 3

CNNVD
added 2021/09/09 12:0 a.m. | 2 views

FUEL CMS SQL Injection Vulnerability

FUEL CMS is a content management system based on CodeIgniter. A SQL injection vulnerability exists in Fuel CMS version 1.5.0. The vulnerability can be exploited to conduct SQL injection attacks via the col parameter in /fuel/index.php/fuel/pages/items...

8.8 CVSS | 5.9 AI score | 0.00239 EPSS
Exploits 1 | References 2

CNNVD
added 2021/01/05 12:0 a.m. | 1 views

FUEL CMS SQL Injection Vulnerability

FUEL CMS is a content management system based on CodeIgniter. FUEL CMS 1.4.11 suffers from a SQL injection vulnerability. The vulnerability can be exploited by an attacker via the 'name' parameter in /fuel/permissions/create/ to compromise an application, access or modify data, or exploit a...

9.8 CVSS | 7.3 AI score | 0.0074 EPSS
Exploits 1 | References 4

CNVD
added 2020/12/16 12:0 a.m. | 3 views

FUEL CMS 1.4.8 suffers from SQL Injection Vulnerability

FUELCMS is a CMS system based on the Codeigniter framework. FUEL CMS 1.4.8 suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...

7.4 AI score
Exploits 0

CNVD
added 2019/09/10 12:0 a.m. | 2 views

Command Execution Vulnerability in Xunrui CMS (CNVD-2019-33541)

Xunrui CMS content management framework is based on PHP7 language using the latest CodeIgniter4 as a development framework for the production of web content management framework, providing "computer site + mobile site + APP interface" integrated web technology solutions. There is a command...

7.3 AI score
Exploits 0

CNVD
added 2019/09/04 12:0 a.m. | 2 views

Command Execution Vulnerability in CMS Co***.php File

Xunrui CMS content management framework is based on PHP7 language using the latest CodeIgniter4 as a development framework for the production of web content management framework, providing "computer site + mobile site + APP interface" integrated web technology solutions. A command execution...

7.6 AI score
Exploits 0

CNVD
added 2019/07/10 12:0 a.m. | 1 views

Code Execution Vulnerability in CICMS v2.9

CICMS system is a php+mysql developed, CodeIgniter based enterprise building system. A code execution vulnerability exists in CICMS v2.9, which can be exploited by attackers to gain control of a web server...

7.8 AI score
Exploits 0

exploitpack
added 2019/04/03 12:0 a.m. | 37 views

Clinic Pro v4 - month SQL Injection

Clinic Pro v4 - month SQL Injection Title: Clinic Pro - Clinic Management Software Date: 03.04.2019 Exploit Author: Abdullah Çelebi Vendor Homepage: https://softwebinternational.com Software Link: https://cms.softwebinternational.com Category: Webapps Tested on: WAMPP @Win Software description: I...

0.2 AI score
Exploits 0

Exploit DB
added 2019/04/03 12:0 a.m. | 141 views

Clinic Pro v4 - 'month' SQL Injection

Title: Clinic Pro - Clinic Management Software Date: 03.04.2019 Exploit Author: Abdullah Çelebi Vendor Homepage: https://softwebinternational.com Software Link: https://cms.softwebinternational.com Category: Webapps Tested on: WAMPP @Win Software description: It is developed by PHP Codeigniter...

7.4 AI score
Exploits 0