Ci4ms

2 CVEs product


CVE-2026-25510 CRITICAL POC PATCH Act Now

CI4MS (CodeIgniter 4 CMS skeleton) has a code injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary PHP code through the CMS module system.

PHP RCE Ci4ms
NVD GitHub
CVSS 3.1: 9.9
EPSS: 0.4%
CVE-2026-25509 MEDIUM PATCH This Month

CI4MS prior to version 0.28.5.0 contains an email enumeration vulnerability in its password reset functionality that allows unauthenticated attackers to determine whether specific email addresses are registered in the system. An attacker can exploit this information disclosure by analyzing response patterns during the authentication process to build a list of valid user accounts. A patch is available in version 0.28.5.0 and later.

Information Disclosure Ci4ms
NVD GitHub
CVSS 3.1: 5.3
EPSS: 0.1%
