Bitnami package
codeigniter
pkg:bitnami/codeigniter
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-21715 | — | | | >= 4.0.0, < 4.1.8 | 4.1.8 | Jan 24, 2022 | CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using `API\ResponseTrait`. Vers |
| CVE-2022-21647 | — | | | >= 4.0.0, < 4.1.6 | 4.1.6 | Jan 4, 2022 | CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the serv |
| CVE-2020-10793 | — | | | < 4.0.0 | 4.0.0 | Mar 23, 2020 | CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference |
Page 2 of 2