86 matches found

OSV
added 2023/11/23 12:28 a.m., 19 views

GHSA-V427-C49J-8W6X Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication

Impact: secretKey, an important key for HMAC SHA256 authentication, was stored in the database in raw form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that person. Patches...

CVSS 5, AI score 6.4, EPSS 0.00059
Exploits 0, References 4
Github Security Blog
added 2023/11/23 12:28 a.m., 18 views

Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication

Impact: secretKey, an important key for HMAC SHA256 authentication, was stored in the database in raw form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that person. Patches...

CVSS 6.5, AI score 7, EPSS 0.00059
Exploits 0, References 4, Affected Software 1
Vulnrichment
added 2023/10/31 3:3 p.m., 11 views

CVE-2023-46240 CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment

CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround,...

CVSS 7.5, AI score 6.5, EPSS 0.00426
Exploits 0, References 3
Cvelist
added 2023/10/31 3:3 p.m., 12 views

CVE-2023-46240 CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment

CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround,...

CVSS 7.5, AI score 7.6, EPSS 0.00426
Exploits 0, References 3
Veracode
added 2023/10/31 12:24 p.m., 12 views

Information Disclosure

codeigniter4/framework is vulnerable to Information Disclosure. The vulnerability is due to displaying a detailed error report in the production environment when an error or exception occurs. This can lead to leakage of confidential information...

CVSS 7.5, AI score 7, EPSS 0.00426
Exploits 0, References 3, Affected Software 1
OSV
added 2023/10/30 3:18 p.m., 25 views

GHSA-HWXF-QXJ7-7RFJ CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment

Impact: If an error or exception occurs in CodeIgniter4 v4.4.2 and earlier, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Patches: Upgrade to v4.4.3 or later. See upgrading guide. Workarounds: Replace...

CVSS 7.5, AI score 7.3, EPSS 0.00426
Exploits 0, References 5
Github Security Blog
added 2023/10/30 3:18 p.m., 50 views

CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment

Impact: If an error or exception occurs in CodeIgniter4 v4.4.2 and earlier, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Patches: Upgrade to v4.4.3 or later. See upgrading guide. Workarounds: Replace...

CVSS 7.5, AI score 6.8, EPSS 0.00426
Exploits 0, References 5, Affected Software 1
CNVD
added 2023/06/28 12:0 a.m., 5 views

NodCMS Cross-Site Scripting Vulnerability

NodCMS is a free, multilingual, simple and powerful CMS based on CodeIgniter4. A cross-site scripting (XSS) vulnerability exists in NodCMS version 3.0. An attacker can exploit this vulnerability to execute arbitrary code and access sensitive information...

CVSS 4.8, AI score 5.9, EPSS 0.00176
Exploits 1, References 1
Github Security Blog
added 2023/05/22 7:49 p.m., 153 views

Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4

Impact: This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally...

CVSS 9.8, AI score 9.5, EPSS 0.0181
Exploits 0, References 6, Affected Software 1
Veracode
added 2023/03/15 4:31 p.m., 16 views

Authentication Bypass

codeigniter4/shield is vulnerable to Authentication Bypass. The vulnerability exists due to a weak implementation of the password storage functionality, which allows an attacker to crack the password if they have access to a user's hashed password...

CVSS 7.5, AI score 5.8, EPSS 0.00182
Exploits 0, References 7, Affected Software 1
Github Security Blog
added 2023/03/13 8:51 p.m., 16 views

Password Shucking Vulnerability

Impact: An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's hashed...

CVSS 7.5, AI score 5.8, EPSS 0.00182
Exploits 0, References 8, Affected Software 1
Veracode
added 2022/12/23 7:34 a.m., 19 views

Spoofing Attacks

codeigniter4/framework is vulnerable to spoofing attacks. The vulnerability exists in getIPAddress in RequestTrait.php and may allow attackers to spoof their IP address when the server is behind a reverse proxy...

CVSS 7.5, AI score 7.1, EPSS 0.0014
Exploits 1, References 2, Affected Software 1
Github Security Blog
added 2022/12/22 8:1 p.m., 34 views

CodeIgniter4 Potential Session Handlers Vulnerability

Impact: When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages...

CVSS 9.8, AI score 9, EPSS 0.00311
Exploits 0, References 6, Affected Software 1
OSV
added 2022/12/22 8:1 p.m., 21 views

GHSA-6CQ5-8CJ7-G558 CodeIgniter4 Potential Session Handlers Vulnerability

Impact: When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages...

CVSS 8.6, AI score 9.1, EPSS 0.00311
Exploits 0, References 6
Github Security Blog
added 2022/12/22 7:59 p.m., 49 views

CodeIgniter4 allows spoofing of IP address when using proxy

Impact: This vulnerability may allow attackers to spoof their IP address when your server is behind a reverse proxy. Patches: Upgrade to v4.2.11 or later, and configure Config\App::$proxyIPs. Workarounds: Do not use $request->getIPAddress(). References: -...

CVSS 7.5, AI score 1.8, EPSS 0.0014
Exploits 1, References 6, Affected Software 1
OSV
added 2022/12/22 7:59 p.m., 29 views

GHSA-GHW3-5QVM-3MQC CodeIgniter4 allows spoofing of IP address when using proxy

Impact: This vulnerability may allow attackers to spoof their IP address when your server is behind a reverse proxy. Patches: Upgrade to v4.2.11 or later, and configure Config\App::$proxyIPs. Workarounds: Do not use $request->getIPAddress(). References: -...

CVSS 7, AI score 7, EPSS 0.0014
Exploits 1, References 6
Veracode
added 2022/10/07 5:59 a.m., 23 views

Information Disclosure

codeigniter4/framework is vulnerable to information disclosure. The vulnerability exists in the setcookie function because it does not reflect the $secure or $httponly values set to true in config or cookie, which exposes them to scripts, allowing an attacker to gain access to internal data...

CVSS 4.3, AI score 4.9, EPSS 0.00492
Exploits 1, References 8, Affected Software 1
Github Security Blog
added 2022/10/06 8:1 p.m., 25 views

Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued

Impact: Setting the $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. Note: This vulnerability does not affect session cookies. The following code does not issue a cookie with the secure flag even if you set $secure = true in Config\Cookie. php...

CVSS 4.3, AI score 5.2, EPSS 0.00492
Exploits 1, References 9, Affected Software 1
OSV
added 2022/10/06 8:1 p.m., 40 views

GHSA-745P-R637-7VVP Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued

Impact: Setting the $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. Note: This vulnerability does not affect session cookies. The following code does not issue a cookie with the secure flag even if you set $secure = true in Config\Cookie. php...

CVSS 2.6, AI score 4.2, EPSS 0.00492
Exploits 1, References 9
Friends Of PHP
added 2022/10/06 9:39 a.m., 21 views

CVE-2022-39284: Config\Cookie Secure or HttpOnly flag not set in CodeIgniter4

Impact: Setting the $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. Note: This vulnerability does not affect session cookies. The following code does not issue a cookie with the secure flag even if you set $secure = true in Config\Cookie. php...

CVSS 4.3, AI score 4.2, EPSS 0.00492
Exploits 1, Affected Software 1