Lucene search
K

6 matches found

GithubExploit
GithubExploit
added 2026/05/25 10:18 a.m.105 views

tplink-priv-zero

TP-Link TL-WR841N v14 — Authenticated OS Command Injection RC...

6.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/08 7:16 p.m.9 views

CI4MS Vulnerable to .env CRLF Injection via Unvalidated `host` Parameter in Install Controller

Summary The Install::index controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings, which writes it into the .env file via pregreplace. Because newline characters in the value are not stripped, an attacker can inject arbitrary configuration...

9.8CVSS6.1AI score0.00516EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/08 7:16 p.m.3 views

GHSA-VFHX-5459-QHQH CI4MS Vulnerable to .env CRLF Injection via Unvalidated `host` Parameter in Install Controller

Summary The Install::index controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings, which writes it into the .env file via pregreplace. Because newline characters in the value are not stripped, an attacker can inject arbitrary configuration...

8.1CVSS5.9AI score0.00516EPSS
Exploits1References4
NVD
NVD
added 2026/04/08 3:16 p.m.7 views

CVE-2026-39394

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings, which...

9.8CVSS0.00516EPSS
Exploits1References1
CVE
CVE
added 2026/04/08 2:32 p.m.13 views

CVE-2026-39394

CI4MS vulnerable to CRLF injection in .env via unvalidated host parameter in Install::index(). Before 0.31.4.0, host is read without validation and appended to .env through updateEnvSettings() using preg_replace(), allowing newline characters to inject arbitrary key=value lines (e.g., app.baseURL...

9.8CVSS6.1AI score0.00516EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.11 views

PT-2026-31321

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.4.0 Description CI4MS, a CodeIgniter 4-based CMS, is susceptible to arbitrary configuration injection via the .env file. The Install::index controller does not validate the host POST parameter before passing it to...

8.1CVSS6.1AI score0.00516EPSS
Exploits1References8
Rows per page
Query Builder