Skip to main content

Codeigniter

30 CVEs product

Monthly

CVE-2025-24013 PHP MEDIUM PATCH This Month

CodeIgniter is a PHP full-stack web framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Codeigniter
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-41344 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Codeigniter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-29904 PHP HIGH PATCH This Week

CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Denial Of Service Codeigniter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46240 PHP HIGH PATCH This Week

CodeIgniter is a PHP full-stack web framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Codeigniter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-32692 PHP CRITICAL PATCH Act Now

CodeIgniter is a PHP full-stack web framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection PHP Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-46170 PHP CRITICAL PATCH Act Now

CodeIgniter is a PHP full-stack web framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

PHP Authentication Bypass Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-23556 PHP HIGH POC PATCH This Week

CodeIgniter is a PHP full-stack web framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Codeigniter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-40835 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40834 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40833 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40832 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40831 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40830 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40829 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40828 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40827 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40826 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40825 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40824 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39284 PHP MEDIUM POC PATCH This Month

CodeIgniter is a PHP full-stack web framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure PHP Codeigniter
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-35943 PHP HIGH POC PATCH This Week

Shield is an authentication and authorization framework for CodeIgniter 4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Codeigniter Shield
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-24712 PHP HIGH PATCH This Week

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF Codeigniter
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-24711 PHP CRITICAL PATCH Act Now

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-21647 PHP CRITICAL PATCH Act Now

CodeIgniter is an open source PHP full-stack web framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
37.7%
CVE-2020-10793 PHP HIGH This Week

CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Codeigniter
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2018-12071 PHP CRITICAL PATCH Act Now

A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Codeigniter
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-1000247 PHP HIGH PATCH This Week

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Apache Codeigniter
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2014-8686 CRITICAL POC THREAT Emergency

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.0%.

PHP Information Disclosure Codeigniter
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
34.0%
Threat
4.5
CVE-2014-8684 PHP CRITICAL POC PATCH THREAT Act Now

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 44.8%.

Code Injection PHP Codeigniter Kohana
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
44.8%
Threat
4.8
CVE-2016-10131 PHP CRITICAL PATCH GHSA Act Now

system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Codeigniter
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

CodeIgniter is a PHP full-stack web framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Codeigniter
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Codeigniter
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Denial Of Service Codeigniter
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

CodeIgniter is a PHP full-stack web framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Codeigniter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

CodeIgniter is a PHP full-stack web framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection PHP +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

CodeIgniter is a PHP full-stack web framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

PHP Authentication Bypass Codeigniter
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

CodeIgniter is a PHP full-stack web framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Codeigniter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

CodeIgniter is a PHP full-stack web framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure PHP Codeigniter
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Shield is an authentication and authorization framework for CodeIgniter 4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Codeigniter +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF Codeigniter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Codeigniter
NVD GitHub
EPSS 38% CVSS 9.8
CRITICAL PATCH Act Now

CodeIgniter is an open source PHP full-stack web framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP SQLi +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Codeigniter
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Codeigniter
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Apache Codeigniter
NVD
EPSS 34% 4.5 CVSS 9.8
CRITICAL POC THREAT Emergency

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.0%.

PHP Information Disclosure Codeigniter
NVD Exploit-DB
EPSS 45% 4.8 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 44.8%.

Code Injection PHP Codeigniter +1
NVD GitHub Exploit-DB
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Codeigniter
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy