PT-2023-23966 · Unknown · Codeigniter
Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.3.5 Description: This issue allows attackers to execute arbitrary code when using Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-mod...
PT-2023-32955 · Unknown · Codeigniter
Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.5.8 Description: The issue is related to improper header validation for the name and value, which could allow a potential attacker to construct deliberately malformed headers using the Header class. This could...
CVE-2023-27580
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability...
Authorization
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability...
CVE-2023-27580 CodeIgniter Shield Password Shucking Vulnerability
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability...
CVE-2023-27580
CodeIgniter Shield (for CodeIgniter 4) has a vulnerability in its password storage due to an improper implementation, making all hashed passwords stored in Shield v1.0.0-beta.3 or earlier easier to crack. A fix exists: upgrade to Shield v1.0.0-beta.4 or later. After upgrading, all users’ hashed p...
PT-2023-21223 · Unknown · Codeigniter Shield
Name of the Vulnerable Software and Affected Versions: CodeIgniter Shield versions 1.0.0-beta.3 and earlier Description: An improper implementation was found in the password storage process, making all hashed passwords stored in affected versions easier to crack than expected. If an attacker...
CodeIgniter Shield Security Vulnerability
CodeIgniter Shield is the authentication and authorization module for CodeIgniter 4 from CodeIgniter, Inc. CodeIgniter Shield has a security vulnerability that stems from hashed passwords being easier to crack than expected...
SUSE CVE-2014-8684
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes...
CVE-2023-23010
Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 on Dec 27, 2022, allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 on Dec 27, 2022, allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php...
Ecommerce-CodeIgniter-Bootstrap Multiple Products Cross-Site Scripting Vulnerability
Ecommerce-CodeIgniter-Bootstrap is a responsive, multi-vendor, multi-language online store platform shopping cart solution. A security vulnerability exists in Ecommerce-CodeIgniter-Bootstrap. An attacker can exploit the vulnerability to execute arbitrary code via the languages and transload...
CVE-2023-23010
CVE-2023-23010 is reported in Ecommerce-CodeIgniter-Bootstrap as a Cross-Site Scripting (XSS) vulnerability that can allow an attacker to execute arbitrary code via the languages and trans_load parameters in add_product.php, following commit d5904379ca55014c5df34c67deda982c73dc7fe5 (Dec 27, 2022)...
CVE-2022-46170
CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie (e.g., one for user...
CVE-2022-23556
CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched; please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...