8 matches found
BIT-CODEIGNITER-2022-46170
CodeIgniter is a PHP full-stack web framework. When an application uses 1 multiple session cookies e.g., one for user pages and one for admin pages and 2 a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie e.g., one for user...
Authentication Bypass
codeigniter4/framework is vulnerable to authentication bypass. The vulnerability exists due to the improper session handling in the library when the session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, allowing an attacker to access pages that require another session cook...
GHSA-6CQ5-8CJ7-G558 CodeIgniter4 Potential Session Handlers Vulnerability
Impact When an application uses 1 multiple session cookies e.g., one for user pages and one for admin pages and 2 a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie e.g., one for user pages, they may be able to access pages...
CodeIgniter4 Potential Session Handlers Vulnerability
Impact When an application uses 1 multiple session cookies e.g., one for user pages and one for admin pages and 2 a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie e.g., one for user pages, they may be able to access pages...
CVE-2022-46170
CodeIgniter is a PHP full-stack web framework. When an application uses 1 multiple session cookies e.g., one for user pages and one for admin pages and 2 a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie e.g., one for user...
CVE-2022-46170 CodeIgniter is vulnerable to improper authentication via Session Handlers
CodeIgniter is a PHP full-stack web framework. When an application uses 1 multiple session cookies e.g., one for user pages and one for admin pages and 2 a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie e.g., one for user...
CVE-2022-46170 CodeIgniter is vulnerable to improper authentication via Session Handlers
CodeIgniter is a PHP full-stack web framework. When an application uses 1 multiple session cookies e.g., one for user pages and one for admin pages and 2 a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie e.g., one for user...
CVE-2022-46170: Potential Session Handlers Vulnerability
Impact When an application uses 1 multiple session cookies e.g., one for user pages and one for admin pages and 2 a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie e.g., one for user pages, they may be able to access pages...