CVE-2022-21647: Deserialization of Untrusted Data in Codeigniter4

Impact Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL injection...

CVE-2022-21647: Deserialization of Untrusted Data in Codeigniter4

Description Impact Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL...

PT-2022-15002 · Unknown · Codeigniter4

Name of the Vulnerable Software and Affected Versions: CodeIgniter4 versions prior to 4.1.6 Description: Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute...

File Inclusion Vulnerability in Xunrui CMS

CMS is a content management framework based on CodeIgniter4. A file inclusion vulnerability exists in XunRui CMS, which can be exploited by attackers to execute code and gain control of the server...

Command Execution Vulnerability in DiYunCMS (CNVD-2021-35560)

DiYunCMS is based on PHP7 language using the latest CodeIgniter4 as the development framework for the production of web content management framework, to provide "computer Web site, cell phone Web site, APP interface" integrated Web site technology solutions. DiYunCMS has a command execution...

Command Execution Vulnerability in DiYunCMS

Diyun CMS content management system is based on PHP7 language using the latest CodeIgniter4 as a development framework for the production of web content management framework, providing "computer website, cell phone website, APP interface" integrated web technology solutions. DiYunCMS has a comman...