Packagist (Composer) package
codeigniter/framework
pkg:composer/codeigniter/framework
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-24950 | — | < 1.4.10 | 1.4.10 | Aug 11, 2023 | SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. | ||
| CVE-2018-12071 | Cri | 9.8 | < 3.1.10 | 3.1.10 | Jun 17, 2018 | A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled. | |
| CVE-2014-8684 | Cri | 9.8 | < 3.0.0 | 3.0.0 | Sep 19, 2017 | CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes |
- CVE-2020-24950Aug 11, 2023affected < 1.4.10fixed 1.4.10
SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.
- affected < 3.1.10fixed 3.1.10
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.
- affected < 3.0.0fixed 3.0.0
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes