VYPR

Packagist (Composer) package

codeigniter/framework

pkg:composer/codeigniter/framework

Vulnerabilities (3)

  • CVE-2020-24950Aug 11, 2023
    affected < 1.4.10fixed 1.4.10

    SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.

  • CVE-2018-12071CriJun 17, 2018
    affected < 3.1.10fixed 3.1.10

    A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.

  • CVE-2014-8684CriSep 19, 2017
    affected < 3.0.0fixed 3.0.0

    CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes