CVE-2023-48708 Insertion of Sensitive Information into Log in codeigniter4/shield
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...
CodeIgniter Shield Log Information Disclosure Vulnerability
CodeIgniter Shield is the authentication and authorization module for CodeIgniter 4 from CodeIgniter, Inc. The vulnerability in CodeIgniter Shield versions prior to 1.0.0-beta.8 stems from the presence of a log message disclosure vulnerability...
CodeIgniter Shield Security Vulnerabilities
CodeIgniter Shield is the authentication and authorization module for CodeIgniter 4 from CodeIgniter, Inc. A security vulnerability exists in CodeIgniter Shield versions prior to 1.0.0-beta.8 that stems from the use of plaintext to store sensitive information in HMAC SHA256 authentication...
CVE-2023-46240
CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround,...
Code injection
CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround,...
CVE-2023-46240 CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround,...
CVE-2023-46240
Summary: CVE-2023-46240 affects CodeIgniter 4 prior to 4.4.3. When an error or exception occurs, a detailed error report can be displayed in production, potentially leaking confidential information. Impact: information disclosure due to verbose error reporting in production. Affected component: C...
CodeIgniter Security Vulnerabilities
CodeIgniter is an open source web framework written in the PHP language. A security vulnerability exists in CodeIgniter versions prior to 4.4.3. An attacker exploited the vulnerability to obtain sensitive information...
PT-2023-29924 · Unknown · Codeigniter4
Name of the Vulnerable Software and Affected Versions: CodeIgniter4 versions prior to 4.4.3 Description: CodeIgniter is a PHP full-stack web framework. If an error or exception occurs, a detailed error report is displayed even if in the production environment, potentially leaking confidential...
Blood Donor Management System v1.0 - Stored XSS Vulnerability
Exploit Title: Blood Donor Management System v1.0 - Stored XSS Application: Blood Donor Management System Version: v1.0 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/ Author: Ehlullah...
Blood Donor Management System v1.0 - Stored XSS
Exploit Title: Blood Donor Management System v1.0 - Stored XSS Application: Blood Donor Management System Version: v1.0 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/ Date: 15.08.2023...
Blood Donor Management System 1.0 Cross Site Scripting
Exploit Title: Blood Donor Management System - Stored XSS Application: Blood Donor Management System Version: v1.0 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/ Date: 15.08.2023...
CVE-2023-32692
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they...
Input validation
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they...
CVE-2023-32692 Remote Code Execution Vulnerability in Validation Placeholders
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they...
CVE-2023-32692
CodeIgniter4 contains a Remote Code Execution vulnerability in the Validation placeholders handled by the Validation library (affecting validation in controllers/models). The issue allows arbitrary code execution and is addressed by upgrading to version 4.3.5 or later. Connected sources corrobora...
CodeIgniter Code Injection Vulnerability
CodeIgniter is an open source web framework written in the PHP language. A security vulnerability exists in CodeIgniter versions prior to 4.3.5 that stems from a problem with the validation method and in-model validation in the controller, allowing an attacker to execute arbitrary code...