
61 matches found

RedhatCVE
added 2025/05/22 11:40 p.m. · 8 views

CVE-2022-40832

B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php having function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 8 · EPSS 0.00281
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 10:5 p.m. · 4 views

CVE-2022-39284

CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...

CVSS 4.3 · AI score 6.9 · EPSS 0.00492
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 5:17 a.m. · 20 views

CVE-2017-1000247

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header common function under Apache resulting in HTTP Header Injection flaws...

CVSS 7.5 · AI score 7.2 · EPSS 0.00241
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 4:27 a.m. · 4 views

CVE-2011-3719

CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files...

CVSS 5 · AI score 6.5 · EPSS 0.00283
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/06 1:4 a.m. · 6 views

CVE-2022-21647

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the old() function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a...

CVSS 9.8 · AI score 8 · EPSS 0.09938
Exploits: 0 · References: 1

Cvelist
added 2025/01/20 3:57 p.m. · 14 views

CVE-2025-24013 CodeIgniter validation of header name and value

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or...

CVSS 5.3 · EPSS 0.00191
Exploits: 0 · References: 4

OSV
added 2025/01/20 3:57 p.m. · 10 views

CVE-2025-24013 CodeIgniter validation of header name and value

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or...

CVSS 5.3 · AI score 6.7 · EPSS 0.00191
Exploits: 0 · References: 6

Vulnrichment
added 2025/01/20 3:57 p.m. · 12 views

CVE-2025-24013 CodeIgniter validation of header name and value

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or...

CVSS 5.3 · AI score 6.9 · EPSS 0.00191
Exploits: 0 · References: 4

Positive Technologies
added 2024/10/15 12:0 a.m. · 3 views

PT-2024-29362 · Unknown · Codeigniter

Name of the Vulnerable Software and Affected Versions: Codeigniter version 3.1.13
Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to arbitrarily change the Administrator password and escalate privileges.
Recommendations: For Codeigniter version 3.1.13, update to a newer...

CVSS 7.5 · AI score 7.5 · EPSS 0.00146
Exploits: 1 · References: 7

Positive Technologies
added 2024/03/29 12:0 a.m. · 4 views

PT-2024-23125 · Unknown · Codeigniter

Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.4.7
Description: A vulnerability was found in the Language class that allowed DoS attacks, which can be exploited by an attacker to consume a large amount of memory on the server.
Recommendations: Upgrade to...

CVSS 7.5 · AI score 7.3 · EPSS 0.00744
Exploits: 0 · References: 10

CNNVD
added 2023/05/30 12:0 a.m. · 2 views

CodeIgniter code injection vulnerability

CodeIgniter is an open source web framework written in the PHP language. A security vulnerability exists in CodeIgniter versions prior to 4.3.5 that stems from a problem with the validation method and in-model validation in the controller, allowing an attacker to execute arbitrary code...

CVSS 9.8 · AI score 8.8 · EPSS 0.0181
Exploits: 0 · References: 3

Vulnrichment
added 2022/12/22 6:58 p.m. · 5 views

CVE-2022-46170 CodeIgniter is vulnerable to improper authentication via Session Handlers

CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie (e.g., one for user...

CVSS 8.6 · AI score 7.1 · EPSS 0.00311
Exploits: 0 · References: 2

Vulnrichment
added 2022/12/22 6:50 p.m. · 9 views

CVE-2022-23556 CodeIgniter is vulnerable to IP address spoofing when using proxy

CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...

CVSS 7 · AI score 7.2 · EPSS 0.0014
Exploits: 1 · References: 2

Vulnrichment
added 2022/11/23 12:0 a.m. · 6 views

CVE-2022-41446

An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data...

AI score 5.5 · EPSS 0.04855
Exploits: 1 · References: 4

OSV
added 2022/10/07 11:15 a.m. · 1 views

CVE-2022-40834

B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 5.9 · EPSS 0.00264
Exploits: 1 · References: 2

OSV
added 2022/10/07 11:15 a.m. · 1 views

CVE-2022-40826

B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 5.9
Exploits: 0 · References: 2

CNNVD
added 2022/10/07 12:0 a.m. · 2 views

CodeIgniter SQL injection vulnerability

CodeIgniter is an open source web framework written in PHP. A SQL injection vulnerability exists in CodeIgniter version 3.1.13 and earlier versions, which stems from a SQL injection problem in the or_where_not_in method in the system\database\DB_query_builder.php location...

CVSS 9.8 · AI score 8.5 · EPSS 0.00281
Exploits: 1 · References: 3

Positive Technologies
added 2022/10/07 12:0 a.m. · 2 views

PT-2022-25568 · Unknown · Codeigniter

Name of the Vulnerable Software and Affected Versions: CodeIgniter versions <=3.1.13
Description: The issue concerns SQL Injection via the system\database\DB_query_builder.php file. Note that the validity of this issue has been disputed by multiple third parties.
Recommendations: For versions <=3.1.1...

CVSS 9.8 · AI score 8.2 · EPSS 0.00264
Exploits: 1 · References: 6

Positive Technologies
added 2022/02/28 12:0 a.m. · 4 views

PT-2022-16822 · Unknown · Codeigniter4

Name of the Vulnerable Software and Affected Versions: CodeIgniter4 versions prior to 4.1.9
Description: A vulnerability in CodeIgniter4 might allow remote attackers to bypass the Cross-Site Request Forgery (CSRF) protection mechanism. This issue can be exploited when auto-routing is enabled or...

CVSS 8.8 · AI score 8.7 · EPSS 0.00076
Exploits: 0 · References: 9

CNNVD
added 2022/01/04 12:0 a.m. · 2 views

CodeIgniter code issue vulnerability

CodeIgniter is an open source Web framework written in PHP. CodeIgniter is vulnerable to a code issue that stems from the deserialization of untrusted data found in the old() function of the software. A remote attacker could use the vulnerability to inject an arbitrary object with the vulnerability...

CVSS 9.8 · AI score 6.4 · EPSS 0.09938
Exploits: 0 · References: 3