Packagist (Composer) package

ci4-cms-erp/ci4ms

pkg:composer/ci4-cms-erp/ci4ms

Vulnerabilities (33)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-34566	Cri	9.1	< 0.31.0.0	0.31.0.0	Apr 1, 2026	CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Page Management functionality when
CVE-2026-34565	Cri	9.1	< 0.31.0.0	0.31.0.0	Apr 1, 2026	CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Posts to navigation menus through
CVE-2026-34564	Cri	9.1	< 0.31.0.0	0.31.0.0	Apr 1, 2026	CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Pages to navigation menus through
CVE-2026-34563	Cri	9.1	< 0.31.0.0	0.31.0.0	Apr 1, 2026	CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when handling backup uploads and processing ba
CVE-2026-34562	Med	4.7	< 0.31.0.0	0.31.0.0	Apr 1, 2026	CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information.
CVE-2026-34561	Med	4.7	< 0.31.0.0	0.31.0.0	Apr 1, 2026	CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Social Media Manageme
CVE-2026-34560	Cri	9.1	< 0.31.0.0	0.31.0.0	Apr 1, 2026	CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exi
CVE-2026-34559	Cri	9.1	< 0.31.0.0	0.31.0.0	Apr 1, 2026	CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacke
CVE-2026-34558	Cri	9.1	< 0.31.0.0	0.31.0.0	Mar 30, 2026	CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Methods Management functionality wh
CVE-2026-34557	Cri	9.1	< 0.31.0.0	0.31.0.0	Mar 30, 2026	CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within group and role management functionality
CVE-2026-27599	Med	4.7	< 0.31.0.0	0.31.0.0	Mar 30, 2026	CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Mail Settings. Severa
CVE-2026-25510		—	< 0.28.5.0	0.28.5.0	Feb 3, 2026	CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution (RCE) by leveraging the fi
CVE-2026-25509		—	< 0.28.5.0	0.28.5.0	Feb 3, 2026	CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can

CVE-2026-34566CriApr 1, 2026
affected < 0.31.0.0fixed 0.31.0.0
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Page Management functionality when
CVE-2026-34565CriApr 1, 2026
affected < 0.31.0.0fixed 0.31.0.0
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Posts to navigation menus through
CVE-2026-34564CriApr 1, 2026
affected < 0.31.0.0fixed 0.31.0.0
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Pages to navigation menus through
CVE-2026-34563CriApr 1, 2026
affected < 0.31.0.0fixed 0.31.0.0
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when handling backup uploads and processing ba
CVE-2026-34562MedApr 1, 2026
affected < 0.31.0.0fixed 0.31.0.0
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information.
CVE-2026-34561MedApr 1, 2026
affected < 0.31.0.0fixed 0.31.0.0
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Social Media Manageme
CVE-2026-34560CriApr 1, 2026
affected < 0.31.0.0fixed 0.31.0.0
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exi
CVE-2026-34559CriApr 1, 2026
affected < 0.31.0.0fixed 0.31.0.0
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacke
CVE-2026-34558CriMar 30, 2026
affected < 0.31.0.0fixed 0.31.0.0
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Methods Management functionality wh
CVE-2026-34557CriMar 30, 2026
affected < 0.31.0.0fixed 0.31.0.0
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within group and role management functionality
CVE-2026-27599MedMar 30, 2026
affected < 0.31.0.0fixed 0.31.0.0
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Mail Settings. Severa
CVE-2026-25510Feb 3, 2026
affected < 0.28.5.0fixed 0.28.5.0
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution (RCE) by leveraging the fi
CVE-2026-25509Feb 3, 2026
affected < 0.28.5.0fixed 0.28.5.0
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can

Page 2 of 2