Codeigniter

by Codeigniter

CVEs (37)

  • CVE-2022-40828 (Oct 7, 2022)
    risk 0.00 | cvss | epss 0.01

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.

  • CVE-2022-40824 (Oct 7, 2022)
    risk 0.00 | cvss | epss 0.01

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function. Note: Multiple third parties have disputed this as not a valid vulnerability.

  • CVE-2022-40830 (Oct 7, 2022)
    risk 0.00 | cvss | epss 0.01

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.

  • CVE-2022-40826 (Oct 7, 2022)
    risk 0.00 | cvss | epss 0.01

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function. Note: Multiple third parties have disputed this as not a valid vulnerability.

  • CVE-2022-40831 (Oct 7, 2022)
    risk 0.00 | cvss | epss 0.01

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() function. Note: Multiple third parties have disputed this as not a valid vulnerability.

  • CVE-2022-40827 (Oct 7, 2022)
    risk 0.00 | cvss | epss 0.01

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. Note: Multiple third parties have disputed this as not a valid vulnerability.

  • CVE-2022-40825 (Oct 7, 2022)
    risk 0.00 | cvss | epss 0.01

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.

  • CVE-2022-39284 (Oct 6, 2022)
    risk 0.00 | cvss | epss 0.01

    CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result cookie values are erroneously exposed to scripts. It should be…

  • CVE-2022-24712 (Feb 28, 2022)
    risk 0.00 | cvss | epss 0.01

    CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There…

  • CVE-2022-24711 (Feb 28, 2022)
    risk 0.00 | cvss | epss 0.01

    CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for…

  • CVE-2022-21715 (Jan 24, 2022)
    risk 0.00 | cvss | epss 0.01

    CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using `API\ResponseTrait`.…

  • CVE-2022-21647 (Jan 4, 2022)
    risk 0.00 | cvss | epss 0.38

    CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the…

  • CVE-2011-3719 (Sep 23, 2011)
    risk 0.00 | cvss | epss 0.01

    CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files.

  • CVE-2007-3708 (Jul 11, 2007)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization…

  • CVE-2007-3706 (Jul 11, 2007)
    risk 0.00 | cvss | epss 0.01

    The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie.

  • CVE-2007-3707 (Jul 11, 2007)
    risk 0.00 | cvss | epss 0.02

    Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.

  • CVE-2007-3709 (Jul 11, 2007)
    risk 0.00 | cvss | epss 0.01

    CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header.

Page 2 of 2