BIT-CODEIGNITER-2023-46240

CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround,...

BIT-CODEIGNITER-2022-40824

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orwhere function...

BIT-CODEIGNITER-2022-40825

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php wherein function...

BIT-CODEIGNITER-2022-40826

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orhaving function...

BIT-CODEIGNITER-2022-40827

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php where function...

BIT-CODEIGNITER-2022-40828

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orwherenotin function...

BIT-CODEIGNITER-2022-40830

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php wherenotin function...

BIT-CODEIGNITER-2022-40831

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php like function...

BIT-CODEIGNITER-2022-40832

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php having function...

BIT-CODEIGNITER-2022-40833

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orwherein function...

BIT-CODEIGNITER-2022-40834

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php ornotlike function...

BIT-CODEIGNITER-2022-40835

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php...

CVE-2023-48707

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The secretKey value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database,...

CVE-2023-48708

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...

Authorization

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The secretKey value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database,...

Authorization

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...

CVE-2023-48707 Cleartext Storage of Sensitive Information in codeigniter4/shield

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The secretKey value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database,...

CVE-2023-48707

The CVE-2023-48707 entry concerns CodeIgniter Shield (CodeIgniter 4) where the secretKey used for HMAC SHA256 authentication was stored in cleartext in the database in affected versions. This plaintext storage enables an attacker with DB access to misuse the secretKey to impersonate users via HMA...

CVE-2023-48707 Cleartext Storage of Sensitive Information in codeigniter4/shield

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The secretKey value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database,...

CVE-2023-48708

CodeIgniter Shield (for CodeIgniter 4) contains a vulnerability where successful login attempts can store raw tokens in the log table. If logs are viewed, an attacker could obtain a token and misuse user authority. The issue is fixed in Shield v1.0.0-beta.8; upgrade is advised. If upgrading isn’t...