995 matches found
CVE-2018-12071
Summary (CVE-2018-12071): CodeIgniter before 3.1.9 is affected by a session fixation vulnerability caused by mishandling of the PHP directive session.use_strict_mode in the Session Library. Multiple connected sources describe this issue consistently (CodeIgniter’s prior to 3.1.9 handling, and ad...
CVE-2018-12071
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled...
PT-2018-10988 · Ellislab · Codeigniter
Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 3.1.9 Description: A Session Fixation issue exists because session.use_strict_mode in the Session Library was mishandled. This issue can be exploited due to the mishandling of the session configuration...
EllisLab CodeIgniter Cross-Site Scripting Vulnerability
EllisLab CodeIgniter is an application development framework and toolkit for PHP web developers, from the US company EllisLab. A security vulnerability exists in the 'xss_clean' function in EllisLab CodeIgniter versions prior to 2.1.4. The vulnerability can be exploited by remot...
EllisLab CodeIgniter SQL Injection Vulnerability
EllisLab CodeIgniter is an application development framework and toolkit for PHP web developers, from the US company EllisLab. A SQL injection vulnerability exists in the offset method of the Active Record class in EllisLab CodeIgniter versions prior to 2.2.4. A remote attacker...
Code Execution Vulnerability in POCMS Program Version v3.2.0 Backend
POSCMS System is a content management system based on the CodeIgniter framework. A code execution vulnerability exists in the backend of POCMS program version v3.2.0, which can be exploited by an attacker to execute code and thus gain control of the server...
WordPress Users Warned of Malware Masquerading as ionCube Files
Security researchers are warning WordPress and Joomla admins of a sneaky new malware strain masquerading as legitimate ionCube files. The malware, dubbed ionCube Malware, is used by cybercriminals to create backdoors on vulnerable websites allowing them to steal data or plant more malware. In the...
SQL injection
SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable...
Cross-site scripting
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag...
CVE-2015-5725
SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable...
CVE-2013-4891
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag...
CVE-2013-4891
The CVE-2013-4891 entry documents a vulnerability in CodeIgniter’s xss_clean function prior to version 2.1.4. An unclosed HTML tag could allow remote attackers to bypass protection and perform cross-site scripting (XSS). Affected software: CodeIgniter 2.x ≤ 2.1.3; vulnerable component: xss_clean ...
CVE-2015-5725
The CVE pertains to CodeIgniter’s Active Record offset method, where an SQL injection vulnerability allows remote command execution via the offset variable in versions prior to 2.2.4. The connected sources confirm the affected component and version range; however, they do not provide exploit deta...
sinarmasland.com XSS vulnerability
Open Bug Bounty ID: OBB-557363

Description| Value
---|---
Affected Website:| sinarmasland.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| CodeIgniter
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
FS Lynda Clone SQL Injection Vulnerability
FS Lynda Clone is a set of scripts for video learning websites written using the PHP CodeIgniter framework. A SQL injection vulnerability exists in FS Lynda Clone version 1.0. A remote attacker can exploit the vulnerability by sending the 'keywords' parameter to tutorial/ to inject SQL commands...
FS Foodpanda Clone SQL Injection Vulnerability
FS Foodpanda Clone is a set of online food trading website scripts written using the PHP CodeIgniter framework. A SQL injection vulnerability exists in FS Foodpanda Clone version 1.0. A remote attacker can exploit this vulnerability to inject SQL commands...
FS Shutterstock Clone SQL Injection Vulnerability
FS Shutterstock Clone is a set of scripts for sharing media content online using the PHP CodeIgniter framework. The script supports online sharing of media content such as images, videos and music. A SQL injection vulnerability exists in FS Shutterstock Clone version 1.0. A remote attacker can...
FreeBSD : codeigniter -- input validation bypass (ef3423e4-d056-11e7-a52c-002590263bf5)
The CodeIgniter changelog reports: Security: Fixed a potential object injection in Cache Library 'apc' driver when save is used with $raw = TRUE. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...