Critical severity9.8NVD Advisory· Published Sep 19, 2017· Updated Jun 17, 2026
CVE-2014-8686
CVE-2014-8686
Description
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*range: <=2.1.4
- (no CPE)range: <2.2.0
Patches
Vulnerability mechanics
References
4- beyondbinary.io/articles/seagate-nas-rce/nvdExploitThird Party Advisory
- packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.htmlnvdThird Party AdvisoryVDB Entry
- codeigniter.com/userguide2/changelog.htmlnvdVendor Advisory
- www.dionach.com/blog/codeigniter-session-decoding-vulnerabilitynvdThird Party Advisory
News mentions
0No linked articles in our index yet.