CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

86 matches found

Vulnrichment•added 2022/02/28 3:45 p.m.•2 views

CVE-2022-24711 Remote CLI Command Execution Vulnerability in CodeIgniter4

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...

9.4CVSS9.6AI score0.00413EPSS

Exploits0References2

Friends Of PHP•added 2022/02/26 12:51 a.m.•26 views

CVE-2022-24711: Remote CLI Command Execution Vulnerability in CodeIgniter4

Impact This vulnerability allows attackers to execute CLI routes via HTTP request. Patches Upgrade to v4.1.9 or later. Workarounds None. For more information If you have any questions or comments about this advisory: Open an issue in codeigniter4/CodeIgniter4 Email us at SECURITY.md...

9.8CVSS9.5AI score0.00413EPSS

Exploits0Affected Software1

Friends Of PHP•added 2022/02/26 12:51 a.m.•30 views

CVE-2022-24712: Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4

Impact This vulnerability might allow remote attackers to bypass the CodeIgniter4 CSRF protection mechanism. Patches Upgrade to v4.1.9 or later. Workarounds These are workarounds for this vulnerability, but you will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF...

8.8CVSS7.5AI score0.00076EPSS

Exploits0Affected Software1

Github Security Blog•added 2022/01/27 3:9 p.m.•17 views

Cross-site Scripting Vulnerability in CodeIgniter4

Impact Cross-Site Scripting XSS vulnerability was found in API\ResponseTrait in Codeigniter4. Attackers can do XSS attacks if you are using API\ResponseTrait. Patches Upgrade to v4.1.8 or later. Workarounds Do one of the following: 1. Do not use API\ResponseTrait nor ResourceController 2. Disable...

6.1CVSS2.1AI score0.00374EPSS

Exploits0References6Affected Software1

OSV•added 2022/01/27 3:9 p.m.•62 views

GHSA-7528-7JG5-6G62 Cross-site Scripting Vulnerability in CodeIgniter4

5.4CVSS5.5AI score0.00374EPSS

Exploits0References6

Veracode•added 2022/01/25 5:8 a.m.•19 views

Cross-site Scripting (XSS)

codeigniter4/framework is vulnerable to cross-site scriptingXSS attacks. A remote unauthenticated attacker is able to inject and execute malicious javascript on victim's browser when the potential victim is using API\ResponseTrait...

6.1CVSS4.1AI score0.00374EPSS

Exploits0References4Affected Software1

NVD•added 2022/01/24 8:15 p.m.•13 views

CVE-2022-21715

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting XSS vulnerability was found in API\ResponseTrait in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a...

6.1CVSS0.00374EPSS

Exploits0References3

Prion•added 2022/01/24 8:15 p.m.•18 views

Cross site scripting

4.3CVSS5.9AI score0.00374EPSS

Exploits0References3Affected Software1

OSV•added 2022/01/24 7:55 p.m.•16 views

CVE-2022-21715 Cross-site Scripting Vulnerability in CodeIgniter4

5.4CVSS5.6AI score0.00374EPSS

Exploits0References5

CVE•added 2022/01/24 7:55 p.m.•87 views

CVE-2022-21715

CodeIgniter4 4.x contains an XSS vulnerability in API\ResponseTrait present before 4.1.8. The issue allows cross-site scripting if a victim uses API\ResponseTrait; a patch is available in 4.1.8. Mitigations/workarounds in the sources include upgrading to 4.1.8 or later, not using API\ResponseTrai...

6.1CVSS5.7AI score0.00374EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2022/01/24 7:55 p.m.•6 views

CVE-2022-21715 Cross-site Scripting Vulnerability in CodeIgniter4

5.4CVSS6AI score0.00374EPSS

Exploits0References3

Cvelist•added 2022/01/24 7:55 p.m.•18 views

CVE-2022-21715 Cross-site Scripting Vulnerability in CodeIgniter4

5.4CVSS6.1AI score0.00374EPSS

Exploits0References3

Friends Of PHP•added 2022/01/24 5:41 p.m.•20 views

CVE-2022-21715: XSS Vulnerability in API\ResponseTrait in CodeIgniter4

6.1CVSS5.5AI score0.00374EPSS

Exploits0Affected Software1

Github Security Blog•added 2022/01/06 10:52 p.m.•36 views

Deserialization of Untrusted Data in Codeigniter4

Impact Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL injection...

9.8CVSS3.6AI score0.09938EPSS

Exploits0References5Affected Software1

OSV•added 2022/01/06 10:52 p.m.•19 views

GHSA-W6JR-WJ64-MC9X Deserialization of Untrusted Data in Codeigniter4

7.7CVSS9.1AI score0.09938EPSS

Exploits0References5

Veracode•added 2022/01/05 5:2 a.m.•15 views

SQL Injection

codeigniter4/framework is vulnerable to SQL injection. The old function in system/Common.php does not properly sanitize the user input, which allows a remote attacker to inject arbitrary SQL commands to the APIs...

9.8CVSS4.3AI score0.09938EPSS

Exploits0References3Affected Software1

NVD•added 2022/01/04 8:15 p.m.•5 views

CVE-2022-21647

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a...

9.8CVSS0.09938EPSS

Exploits0References2

Prion•added 2022/01/04 8:15 p.m.•15 views

Deserialization of untrusted data

7.5CVSS10AI score0.09938EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/01/04 8:5 p.m.•11 views

CVE-2022-21647 Deserialization of Untrusted Data in Codeigniter4

7.7CVSS10AI score0.09938EPSS

Exploits0References2

OSV•added 2022/01/04 8:5 p.m.•12 views

CVE-2022-21647 Deserialization of Untrusted Data in Codeigniter4