VYPR

Kohana

by Kohanaframework

Source repositories

CVEs (3)

  • CVE-2014-8684CriSep 19, 2017
    risk 0.65cvss 9.8epss 0.72

    CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic…

  • CVE-2016-10510MedAug 31, 2017
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php.

  • CVE-2019-8979Feb 21, 2019
    risk 0.01cvss epss 0.03

    Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled.