995 matches found
CVE-2026-25510 CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution RCE by leveraging the file creation and sav...
CVE-2026-25509
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
CVE-2026-25509 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
EUVD-2026-5163
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
CVE-2026-25509
CI4MS is a CodeIgniter 4βbased CMS skeleton. A vulnerability in the authentication flow allows unauthenticated attackers to enumerate registered emails via password-reset responses, by differentiating between existing vs non-existing emails. The issue is documented across multiple feeds (NVD, Red...
CVE-2026-25509 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
CVE-2026-25509 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
PT-2026-6301
Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.28.5.0 Description CI4MS, a CodeIgniter 4-based CMS skeleton, contains a flaw in its authentication implementation that allows an unauthenticated attacker to determine if an email address is registered within the...
PT-2026-6302
Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.28.5.0 Description CI4MS is a CodeIgniter 4-based CMS skeleton that provides a production-ready, modular architecture with RBAC authorization and theme support. An authenticated user with file editor permissions can...
CVE-2022-35943
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect, e.g., XSS control over a...
CVE-2025-68434
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Cross-Site Request Forgery CSRF vulnerability exists in the application's filter configuration. The CSRF protection...
CVE-2025-68147 opensourcepos has a Cross-site Scripting vulnerability
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting XSS vulnerability exists in the "Return Policy" configuration field. The application doe...
π CodeIgniter CMS 4.2.0 SQL Injection
Proof of concept exploit for the CodeIgniter CMS version 4.2.0 remote SQL injection vulnerability. ============================================================================================================================================= | Title : CodeIgniter CMS 4.2.0 SQL Injection Exploit | ...
EUVD-2007-3691
Malware in sbrugna...
EUVD-2007-3690
Malware in sbrugna...
EUVD-2011-3677
Malware in sbrugna...
EUVD-2012-1924
Malware in sbrugna...
EUVD-2015-5671
Malware in sbrugna...
EUVD-2020-17784
Malware in sbrugna...
EUVD-2020-17779
Malware in sbrugna...