995 matches found
EUVD-2022-3879
Malicious code in bioql PyPI...
EUVD-2022-44084
Malicious code in bioql PyPI...
EUVD-2022-44092
Malicious code in bioql PyPI...
EUVD-2022-44090
Malicious code in bioql PyPI...
EUVD-2022-44087
Malicious code in bioql PyPI...
EUVD-2022-44639
Malicious code in bioql PyPI...
EUVD-2023-1576
Malicious code in bioql PyPI...
Command Injection
codeigniter4/framework is vulnerable to Command Injection. The vulnerability is due to improper handling of user-controlled filenames and text content when using the ImageMagick imagick handler in the resize or text methods, which allows an attacker to execute arbitrary shell commands by supplyin...
CVE-2025-54418
CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick` as the image library) and either allow file uploads with user-controlled filenames and process...
The vulnerability of the resize() and text() methods of the ImageMagick framework, which are used for developing web systems and CodeIgniter applications, allows attackers to load arbitrary files.
The vulnerability of the resize and text methods of the ImageMagick framework used for developing web systems and CodeIgniter applications relates to the lack of measures taken to neutralize special elements used in the operating system command line. Exploiting this vulnerability allows a remote...
CVE-2025-54418 CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick` as the image library) and either allow file uploads with user-controlled filenames and process...
CVE-2025-54418
CodeIgniter4 (PHP) vulnerability: ImageMagick handler (imagick) allows command injection when processing uploads with user-controlled filenames (resize()) or text operations (text()) in versions prior to 4.6.2. Root cause is unsafe handling of user input in ImageMagick workflows, enabling shell m...
CodeIgniter OS Command Injection Vulnerability
CodeIgniter is a lightweight, fast, flexible and secure PHP full-stack web framework open-sourced by CodeIgniter. An operating system command injection vulnerability exists in CodeIgniter versions prior to 4.6.2, which stems from a command injection when ImageMagick handles user-controlled...
PT-2025-31111 · Unknown · Imagemagick +1
Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.6.2 Description: CodeIgniter is a PHP full-stack web framework susceptible to a command injection issue. The vulnerability impacts applications utilizing the ImageMagick handler (imagick) for image processing and...
GHSA-49JM-G4M8-X53P Withdrawn Advisory: CodeIgniter4 Cross-Site Scripting Vulnerability in debugbar_time Parameter
Withdrawn Advisory This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references. For more information, see https://github.com/github/advisory-database/pull/5862. Original Description A stored cross-site scripting (XSS)...
CodeIgniter 4 Security Vulnerability
CodeIgniter 4 is a PHP full-stack web framework open-sourced by CodeIgniter. A security vulnerability exists in CodeIgniter 4 version 4.6.0, which stems from improper cleanup of the debugbar_time parameter and could lead to stored cross-site scripting...
CVE-2025-45406
A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbar_time parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbar_time, and...