CVE-2022-35943
Summary: CVE-2022-35943 affects CodeIgniter Shield (CodeIgniter 4) and may allow SameSite attackers to bypass CSRF protection when they control a subdomain. The issue exists regardless of whether CSRF protection is cookie or session based, and regardless of regenerate setting. Affected software/c...
CVE-2022-35943 SameSite may allow cross-site request forgery (CSRF) protection to be bypassed
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect, e.g., XSS control over a...
PT-2022-23049 · Shield +1 · Sshield +1
Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.2.3 Shield versions prior to 1.0.0-beta.2 Description: This issue may allow attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must...
CodeIgniter Shield Cross-Site Request Forgery Vulnerability
CodeIgniter Shield is the authentication and authorization module for CodeIgniter 4 from CodeIgniter, Inc. A cross-site request forgery vulnerability exists in CodeIgniter Shield. An attacker could exploit this vulnerability to bypass the CSRF protection of applications using CodeIgniter Shield...
PyroCMS Cross-Site Scripting Vulnerability
PyroCMS is a lightweight open source content management system developed by an individual developer using the CodeIgniter framework. A cross-site scripting vulnerability exists in PyroCMS v3.9, which was found to contain multiple cross-site scripting (XSS) vulnerabilities...
CodeIgniter CMS 4.2.0 SQL Injection
Exploit Title: CodeIgniter CMS Version 4.2.0 Sql Injection Vulnerability. Exploit Author: E1.Coders. Vendor Homepage: https://www.codeigniter.com/. Google Dork ONE: searchResult/?title=. Google Dork Two: Job/searchResult/?title=. Date: 15 / 05 ...
FUEL CMS Cross-Site Request Forgery Vulnerability
FUEL CMS is a content management system (CMS) based on the CodeIgniter framework. A cross-site request forgery vulnerability exists in FUEL CMS version 1.5.0, which can be exploited by an attacker to forge a malicious request and trick a victim into clicking on it to perform a sensitive operation...
GHSA-JWQP-WH5G-4GMM CodeIgniter Improper Privilege Management
CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown...
CodeIgniter Improper Privilege Management
CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown...
CodeIgniter Rest Server XXE Vulnerability
CodeIgniter Rest Server aka codeigniter-restserver 2.7.1 allows XXE attacks...
GHSA-CC7G-9PCJ-7GWM CodeIgniter Rest Server XXE Vulnerability
CodeIgniter Rest Server aka codeigniter-restserver 2.7.1 allows XXE attacks...
CodeIgniter arbitrary code execution
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email-from field to insert sendmail command-line arguments...
GHSA-2PCJ-76HJ-XQHM CodeIgniter arbitrary code execution
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email-from field to insert sendmail command-line arguments...
GHSA-W9PH-Q4H9-RWQ6 CodeIgniter and Kohana vulnerable to PHP Object Injection
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes...
CodeIgniter and Kohana vulnerable to PHP Object Injection
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes...
GHSA-J9F9-8J39-4G97 CodeIgniter HTTP Header Injection
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header common function under Apache, resulting in HTTP Header Injection flaws...
CodeIgniter HTTP Header Injection
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header common function under Apache, resulting in HTTP Header Injection flaws...
GHSA-G434-3Q2J-HJ4R CodeIgniter Session Fixation Vulnerability
A Session Fixation issue exists in CodeIgniter before 3.1.10 because session.use_strict_mode in the Session Library was mishandled...
CodeIgniter Session Fixation Vulnerability
A Session Fixation issue exists in CodeIgniter before 3.1.10 because session.use_strict_mode in the Session Library was mishandled...
FUEL CMS Cross-Site Scripting Vulnerability
FUEL CMS is a content management system (CMS) based on the CodeIgniter framework. A cross-site scripting vulnerability exists in FUEL CMS version 1.5.1. The vulnerability stems from the program's lack of validation and filtering of user-supplied data and output. An attacker could exploit the...