Critical severityNVD Advisory· Published May 30, 2023· Updated Jan 10, 2025
Remote Code Execution Vulnerability in Validation Placeholders
CVE-2023-32692
Description
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
codeigniter4/frameworkPackagist | < 4.3.5 | 4.3.5 |
Affected products
3- osv-coords2 versions
< 4.3.5+ 1 more
- (no CPE)range: < 4.3.5
- (no CPE)range: < 4.3.5
- Range: < 4.3.5
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-m6m8-6gq8-c9fjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-32692ghsaADVISORY
- github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.mdghsax_refsource_MISCWEB
- github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.mdghsaWEB
- github.com/codeigniter4/CodeIgniter4/commit/6af677177fa1d9ad62f7a793bc96cba3068632baghsaWEB
- github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-m6m8-6gq8-c9fjghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.