995 matches found
HTTP Header Injection
The CodeIgniter framework is vulnerable to HTTP header injection attacks. These attacks are possible through the set_status_header function...
CVE-2017-1000247
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header common function under Apache resulting in HTTP Header Injection flaws...
Design/Logic Flaw
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header common function under Apache resulting in HTTP Header Injection flaws...
CVE-2017-1000247
CVE-2017-1000247 affects CodeIgniter 3.1.3 with an HTTP header injection vulnerability in set_status_header() under Apache. Root cause is injection via header handling in that function, leading to header manipulation. A patch is available in CodeIgniter 3.1.4 (see changelog link). If using 3.1.3,...
GHSA-Q4QQ-FM7Q-CWP5 Multiple XSS Filter Bypasses in validator
Versions of validator prior to 1.1.0 are affected by several cross-site scripting vulnerabilities due to bypasses discovered in the blacklist-based filter. Proof of Concept Various inputs that could bypass the filter were discovered: Improper parsing of nested tags: This is a test Incomplete...
Multiple XSS Filter Bypasses in validator
Versions of validator prior to 1.1.0 are affected by several cross-site scripting vulnerabilities due to bypasses discovered in the blacklist-based filter. Proof of Concept Various inputs that could bypass the filter were discovered: Improper parsing of nested tags: This is a test Incomplete...
British Columbia Institute of Technology CodeIgniter HTTP Packet Header Injection Vulnerability
British Columbia Institute of Technology CodeIgniter is an application development framework and toolkit from the British Columbia Institute of Technology for PHP web developers. An HTTP packet header injection vulnerability exists in the...
CodeIgniter: If the developer forgets to remove the built-in controller welcome.php, it helps the attacker to identify that the site is built with CodeIgniter
The attacker can check the website's backend technology simply by typing sitename/index.php/welcome/index; it will display the CodeIgniter welcome page if the developer doesn't remove the built-in controller and view, welcome.php and welcome_message.php. I am attaching a screenshot below as a proof of...
codeigniter -- input validation bypass
The CodeIgniter changelog reports: Security: Fixed a potential object injection in Cache Library 'apc' driver when save is used with $raw = TRUE...
CVE-2014-8684
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes...
CVE-2014-8686
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available...
Design/Logic Flaw
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes...
Code injection
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available...
CVE-2014-8686
CodeIgniter vulnerability CVE-2014-8686 (CodeIgniter before 2.2.0) allows attackers to decode and manipulate the ci_session cookie by falling back to a custom XOR-based scheme when the PHP Mcrypt extension is unavailable. Public references describe exploitation via extracting the encryption key, ...
CVE-2014-8684
CVE-2014-8684 affects CodeIgniter before 3.0 and Kohana 3.2.3 and earlier, and 3.3.x through 3.3.2. The issue arises from using standard string comparison operators to compare cryptographic hashes, which enables remote attackers to spoof session cookies and conduct PHP object injection attacks. E...
Arbitrary Code Execution
bcit-ci/codeigniter is vulnerable to arbitrary code execution. A flaw in system/libraries/Email.php allows attackers to leverage control over the email - from field to insert sendmail command-line arguments...
FreeBSD : codeigniter -- input validation bypass (aaedf196-6436-11e7-8b49-002590263bf5)
The CodeIgniter changelog reports: Form Validation Library rule valid_email could be bypassed if idn_to_ascii is available. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-201...