Lucene search
K

4 matches found

NVD
NVD
added 2022/01/04 8:15 p.m.43 views

CVE-2022-21647

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a...

9.8CVSS0.37671EPSS
Exploits0References2
CVE
CVE
added 2022/01/04 8:5 p.m.84 views

CVE-2022-21647

Summary of CVE-2022-21647 (CodeIgniter4) : A deserialization of untrusted data flaw in CodeIgniter4's older() function enables remote attackers to inject auto-loadable objects and potentially execute PHP code, with downstream risk including SQL injection. The issue is evidenced across multiple so...

9.8CVSS9.2AI score0.37671EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/01/04 8:5 p.m.3 views

CVE-2022-21647 Deserialization of Untrusted Data in Codeigniter4

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a...

7.7CVSS8.5AI score0.37671EPSS
Exploits0References2
Friends Of PHP
Friends Of PHP
added 2022/01/04 12:59 a.m.34 views

CVE-2022-21647: Deserialization of Untrusted Data in Codeigniter4

Description Impact Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL...

7.5CVSS10.1AI score0.37671EPSS
Exploits0Affected Software1
Rows per page
Query Builder