4 matches found
CVE-2022-21647
CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a...
CVE-2022-21647
Summary of CVE-2022-21647 (CodeIgniter4) : A deserialization of untrusted data flaw in CodeIgniter4's older() function enables remote attackers to inject auto-loadable objects and potentially execute PHP code, with downstream risk including SQL injection. The issue is evidenced across multiple so...
CVE-2022-21647 Deserialization of Untrusted Data in Codeigniter4
CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a...
CVE-2022-21647: Deserialization of Untrusted Data in Codeigniter4
Description Impact Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL...