
61 matches found

RedhatCVE • added 2025/07/30 3:47 p.m. • 3 views

CVE-2025-54418

CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing imagick as the image library and either allow file uploads with user-controlled filenames and process...

CVSS 9.8 • AI score 6.8 • EPSS 0.03881
Exploits 0 • References 1

NVD • added 2025/07/28 3:15 p.m. • 4 views

CVE-2025-54418

CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing imagick as the image library and either allow file uploads with user-controlled filenames and process...

CVSS 9.8 • EPSS 0.03881
Exploits 0 • References 4

OSV • added 2025/07/28 2:47 p.m. • 4 views

CVE-2025-54418 CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability

CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing imagick as the image library and either allow file uploads with user-controlled filenames and process...

CVSS 9.8 • AI score 7.4 • EPSS 0.03881
Exploits 0 • References 6

CVE • added 2025/07/28 2:47 p.m. • 25 views

CVE-2025-54418

CodeIgniter4 (PHP) vulnerability: ImageMagick handler (imagick) allows command injection when processing uploads with user-controlled filenames (resize()) or text operations (text()) in versions prior to 4.6.2. Root cause is unsafe handling of user input in ImageMagick workflows, enabling shell m...

CVSS 9.8 • AI score 6.9 • EPSS 0.03881
Exploits 0 • References 4 • Affected Software 1

Positive Technologies • added 2025/07/26 12:0 a.m. • 6 views

PT-2025-31111 · Unknown · Imagemagick +1

Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.6.2 Description: CodeIgniter is a PHP full-stack web framework susceptible to a command injection issue. The vulnerability impacts applications utilizing the ImageMagick handler imagick for image processing and...

CVSS 9.8 • AI score 7 • EPSS 0.03881
Exploits 0 • References 28

Cvelist • added 2025/07/25 12:0 a.m. • 7 views

CVE-2025-45406

A stored cross-site scripting XSS vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbartime parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbartime, and...

EPSS 0.00207
Exploits 2 • References 4

Vulnrichment • added 2025/07/25 12:0 a.m. • 4 views

CVE-2025-45406

A stored cross-site scripting XSS vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbartime parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbartime, and...

AI score 5.2 • EPSS 0.00207
Exploits 2 • References 4

RedhatCVE • added 2025/05/23 12:0 p.m. • 5 views

CVE-2025-24013

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or...

CVSS 5.3 • AI score 6.8 • EPSS 0.00191
Exploits 0 • References 1

RedhatCVE • added 2025/05/23 8:2 a.m. • 7 views

CVE-2024-6526

A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument searchtitle/catName/sub/name/categorie leads to cross site scripting. It is possib...

CVSS 6.1 • AI score 6 • EPSS 0.00169
Exploits 1 • References 1

RedhatCVE • added 2025/05/23 7:39 a.m. • 5 views

CVE-2024-31822

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component...

CVSS 9.8 • AI score 7.9 • EPSS 0.06184
Exploits 1 • References 1

RedhatCVE • added 2025/05/23 5:11 a.m. • 7 views

CVE-2023-32692

CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they...

CVSS 9.8 • AI score 7.6 • EPSS 0.01956
Exploits 0 • References 1

RedhatCVE • added 2025/05/23 12:39 a.m. • 3 views

CVE-2022-40829

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orlike function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 • AI score 8 • EPSS 0.00281
Exploits 1 • References 1

RedhatCVE • added 2025/05/23 12:38 a.m. • 9 views

CVE-2022-40826

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orhaving function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 • AI score 8 • EPSS 0.00281
Exploits 1 • References 1

RedhatCVE • added 2025/05/23 12:37 a.m. • 13 views

CVE-2022-41446

An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data...

CVSS 5.4 • AI score 6.9 • EPSS 0.04855
Exploits 1 • References 1

RedhatCVE • added 2025/05/23 12:34 a.m. • 9 views

CVE-2022-40825

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php wherein function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 • AI score 8.1 • EPSS 0.00281
Exploits 1 • References 1

RedhatCVE • added 2025/05/23 12:34 a.m. • 6 views

CVE-2022-40827

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php where function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 • AI score 8 • EPSS 0.00281
Exploits 1 • References 1

RedhatCVE • added 2025/05/23 12:34 a.m. • 6 views

CVE-2022-40835

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 • AI score 8.1 • EPSS 0.00264
Exploits 1 • References 1

RedhatCVE • added 2025/05/23 12:34 a.m. • 3 views

CVE-2022-40830

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php wherenotin function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 • AI score 8 • EPSS 0.00281
Exploits 1 • References 1

RedhatCVE • added 2025/05/23 12:34 a.m. • 4 views

CVE-2022-40828

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orwherenotin function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 • AI score 8 • EPSS 0.00281
Exploits 1 • References 1

RedhatCVE • added 2025/05/22 11:41 p.m. • 3 views

CVE-2022-40831

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php like function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 • AI score 8 • EPSS 0.00281
Exploits 1 • References 1