Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.11 views

CVE-2026-41891

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...

5.3CVSS5.3AI score0.00269EPSS
Exploits0References1
NVD
NVD
added 2026/05/07 4:16 a.m.10 views

CVE-2026-41891

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...

5.3CVSS0.00269EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 3:24 a.m.13 views

CVE-2026-41891

CI4MS (CodeIgniter 4-based CMS skeleton) has a deactivated/banned user bypass in versions 0.26.0–0.31.7.x due to the auth filter’s deactivated user check being commented out. The issue arises when an admin deactivates a user (active=0) after login: the user’s session remains valid and auth()->...

5.3CVSS5.7AI score0.00269EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 3:23 a.m.43 views

CVE-2026-41890 CI4MS: Arbitrary Database Table Drop via Theme deleteProcess

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are pass...

6.9CVSS0.00344EPSS
Exploits0References2
Rows per page
Query Builder