Look up vulnerable packages by Package URL.

Purl pkg:composer/codeigniter4/framework@4.0.0
Type composer
Namespace codeigniter4
Name framework
Version 4.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.0.1
Latest_non_vulnerable_version 4.5.8
Affected_by_vulnerabilities
0
url VCID-283r-1kb4-9kew
vulnerability_id VCID-283r-1kb4-9kew
summary
Improper Input Validation
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24711
reference_id
reference_type
scores
0
value 0.00413
scoring_system epss
scoring_elements 0.61847
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24711
1
reference_url https://github.com/codeigniter4/CodeIgniter4
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4
2
reference_url https://github.com/codeigniter4/CodeIgniter4/commit/202f41ad522ba1d414b9d9c35aba1cb0c156b781
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4/commit/202f41ad522ba1d414b9d9c35aba1cb0c156b781
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-24711.yaml
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-24711.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24711
reference_id CVE-2022-24711
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24711
5
reference_url https://github.com/advisories/GHSA-xjp4-6w75-qrj7
reference_id GHSA-xjp4-6w75-qrj7
reference_type
scores
url https://github.com/advisories/GHSA-xjp4-6w75-qrj7
6
reference_url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-xjp4-6w75-qrj7
reference_id GHSA-xjp4-6w75-qrj7
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-xjp4-6w75-qrj7
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.1.9
purl pkg:composer/codeigniter4/framework@4.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.1.9
aliases CVE-2022-24711, GHSA-xjp4-6w75-qrj7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-283r-1kb4-9kew
1
url VCID-37gx-8aen-k7hs
vulnerability_id VCID-37gx-8aen-k7hs
summary
Improper Privilege Management
CodeIgniter allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the referenced blog post shows an unknown website built with the CodeIgniter framework, but CodeIgniter is not responsible for introducing this issue because the framework has never provided a login screen, nor any kind of login or user management facilities beyond a Session library.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10793
reference_id
reference_type
scores
0
value 0.00538
scoring_system epss
scoring_elements 0.67901
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10793
1
reference_url https://codeigniter4.github.io/userguide/extending/authentication.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://codeigniter4.github.io/userguide/extending/authentication.html
2
reference_url https://github.com/codeigniter4/framework
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/framework
3
reference_url https://medium.com/@vbharad/account-takeover-via-modifying-email-id-codeigniter-framework-ca30741ad297
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://medium.com/@vbharad/account-takeover-via-modifying-email-id-codeigniter-framework-ca30741ad297
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10793
reference_id CVE-2020-10793
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10793
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.0.1
purl pkg:composer/codeigniter4/framework@4.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.0.1
aliases CVE-2020-10793, GHSA-jwqp-wh5g-4gmm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37gx-8aen-k7hs
2
url VCID-3jm3-513z-p7ed
vulnerability_id VCID-3jm3-513z-p7ed
summary CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL injection. Users are advised to upgrade to v4.1.6 or later. Users unable to upgrade are advised not to use the `old()` function and form_helper, nor `RedirectResponse::withInput()` and `redirect()->withInput()`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-21647
reference_id
reference_type
scores
0
value 0.09938
scoring_system epss
scoring_elements 0.93164
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-21647
1
reference_url https://github.com/codeigniter4/CodeIgniter4
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4
2
reference_url https://github.com/codeigniter4/CodeIgniter4/commit/ce95ed5765256e2f09f3513e7d42790e0d6948f5
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4/commit/ce95ed5765256e2f09f3513e7d42790e0d6948f5
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-21647.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-21647.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-21647
reference_id CVE-2022-21647
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-21647
5
reference_url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-w6jr-wj64-mc9x
reference_id GHSA-w6jr-wj64-mc9x
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-w6jr-wj64-mc9x
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.1.6
purl pkg:composer/codeigniter4/framework@4.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.1.6
aliases CVE-2022-21647, GHSA-w6jr-wj64-mc9x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3jm3-513z-p7ed
3
url VCID-fpsw-s5r4-5uhe
vulnerability_id VCID-fpsw-s5r4-5uhe
summary CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to write their code as the workarounds describe after upgrading to v4.1.9. Otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes, or check the request method in the controller method before processing.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24712
reference_id
reference_type
scores
0
value 0.00076
scoring_system epss
scoring_elements 0.22875
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24712
1
reference_url https://github.com/codeigniter4/CodeIgniter4/blob/7dc2ece32401ebde67122f7d2460efcaee7c352e/user_guide_src/source/changelogs/v4.1.9.rst
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4/blob/7dc2ece32401ebde67122f7d2460efcaee7c352e/user_guide_src/source/changelogs/v4.1.9.rst
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24712
reference_id CVE-2022-24712
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24712
3
reference_url https://github.com/advisories/GHSA-4v37-24gm-h554
reference_id GHSA-4v37-24gm-h554
reference_type
scores
url https://github.com/advisories/GHSA-4v37-24gm-h554
4
reference_url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-4v37-24gm-h554
reference_id GHSA-4v37-24gm-h554
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-4v37-24gm-h554
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.1.9
purl pkg:composer/codeigniter4/framework@4.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.1.9
aliases CVE-2022-24712, GHSA-4v37-24gm-h554
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fpsw-s5r4-5uhe
4
url VCID-pskc-ec8x-wyc2
vulnerability_id VCID-pskc-ec8x-wyc2
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CodeIgniter4 is the branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in CodeIgniter4. Attackers can do XSS attacks if a potential victim is using `API\ResponseTrait`. contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using `API\ResponseTrait` or `ResourceController`. Users may also disable Auto Route and use defined routes only.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-21715
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.5936
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-21715
1
reference_url https://codeigniter4.github.io/userguide/incoming/routing.html#use-defined-routes-only
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://codeigniter4.github.io/userguide/incoming/routing.html#use-defined-routes-only
2
reference_url https://github.com/codeigniter4/CodeIgniter4/commit/70d881cf5322b7c32e69516aebd2273ac6a1e8dd
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4/commit/70d881cf5322b7c32e69516aebd2273ac6a1e8dd
3
reference_url https://github.com/codeigniter4/framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/framework
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-21715.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-21715.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-21715
reference_id CVE-2022-21715
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-21715
6
reference_url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-7528-7jg5-6g62
reference_id GHSA-7528-7jg5-6g62
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-7528-7jg5-6g62
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.1.8
purl pkg:composer/codeigniter4/framework@4.1.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.1.8
aliases CVE-2022-21715, GHSA-7528-7jg5-6g62
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pskc-ec8x-wyc2
Fixing_vulnerabilities
0
url VCID-fvpd-px29-47hf
vulnerability_id VCID-fvpd-px29-47hf
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Bootstrap v3.1.11 and v3.3.7 were discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-26624
reference_id
reference_type
scores
0
value 0.00327
scoring_system epss
scoring_elements 0.55919
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-26624
1
reference_url https://drive.google.com/file/d/1Dp0dD9PNcwamjRi0ldD0hUOEivu48SR6/view?usp=sharing
reference_id
reference_type
scores
url https://drive.google.com/file/d/1Dp0dD9PNcwamjRi0ldD0hUOEivu48SR6/view?usp=sharing
2
reference_url https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/blob/master/application/modules/vendor/views/add_product.php#L35
reference_id
reference_type
scores
url https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/blob/master/application/modules/vendor/views/add_product.php#L35
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-26624
reference_id CVE-2022-26624
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-26624
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.0.0
purl pkg:composer/codeigniter4/framework@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-283r-1kb4-9kew
1
vulnerability VCID-37gx-8aen-k7hs
2
vulnerability VCID-3jm3-513z-p7ed
3
vulnerability VCID-fpsw-s5r4-5uhe
4
vulnerability VCID-pskc-ec8x-wyc2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.0.0
aliases CVE-2022-26624
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fvpd-px29-47hf
1
url VCID-s814-tdxe-1baf
vulnerability_id VCID-s814-tdxe-1baf
summary A Session Fixation issue exists in CodeIgniter because `session.use_strict_mode` in the Session Library was mishandled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12071
reference_id
reference_type
scores
0
value 0.00242
scoring_system epss
scoring_elements 0.4767
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12071
1
reference_url https://github.com/bcit-ci/CodeIgniter
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/bcit-ci/CodeIgniter
2
reference_url https://github.com/bcit-ci/CodeIgniter/commit/800a20d6c4662d99ae0988b2f8f2238bb8bb29db
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/bcit-ci/CodeIgniter/commit/800a20d6c4662d99ae0988b2f8f2238bb8bb29db
3
reference_url https://github.com/bcit-ci/CodeIgniter/commit/a9da3dd2f16a8f97d7bc4ff5572b28e4bb84c813#diff-32788a4d3748e8818044886ab43241179c7f5f5b82e979e73146669ca6e2da1cR306
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/bcit-ci/CodeIgniter/commit/a9da3dd2f16a8f97d7bc4ff5572b28e4bb84c813#diff-32788a4d3748e8818044886ab43241179c7f5f5b82e979e73146669ca6e2da1cR306
4
reference_url https://github.com/bcit-ci/CodeIgniter/issues/5958
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/bcit-ci/CodeIgniter/issues/5958
5
reference_url https://web.archive.org/web/20181115214804/https://www.codeigniter.com/user_guide/changelog.html#version-3-1-9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20181115214804/https://www.codeigniter.com/user_guide/changelog.html#version-3-1-9
6
reference_url https://www.codeigniter.com/user_guide/changelog.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.codeigniter.com/user_guide/changelog.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12071
reference_id CVE-2018-12071
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12071
8
reference_url https://github.com/advisories/GHSA-g434-3q2j-hj4r
reference_id GHSA-g434-3q2j-hj4r
reference_type
scores
url https://github.com/advisories/GHSA-g434-3q2j-hj4r
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.0.0
purl pkg:composer/codeigniter4/framework@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-283r-1kb4-9kew
1
vulnerability VCID-37gx-8aen-k7hs
2
vulnerability VCID-3jm3-513z-p7ed
3
vulnerability VCID-fpsw-s5r4-5uhe
4
vulnerability VCID-pskc-ec8x-wyc2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.0.0
aliases CVE-2018-12071, GHSA-g434-3q2j-hj4r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s814-tdxe-1baf
2
url VCID-xueg-x3e8-bqak
vulnerability_id VCID-xueg-x3e8-bqak
summary
Injection Vulnerability
`system/libraries/Email.php` in CodeIgniter allows remote attackers to execute arbitrary code by leveraging control over the `email->from` field to insert sendmail command-line arguments.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10131
reference_id
reference_type
scores
0
value 0.03122
scoring_system epss
scoring_elements 0.87087
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10131
1
reference_url https://github.com/codeigniter4/framework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/framework
2
reference_url https://www.codeigniter.com/userguide3/changelog.html#bug-fixes-for-3-1-3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.codeigniter.com/userguide3/changelog.html#bug-fixes-for-3-1-3
3
reference_url http://www.securityfocus.com/bid/96851
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/96851
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10131
reference_id CVE-2016-10131
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10131
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.0.0
purl pkg:composer/codeigniter4/framework@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-283r-1kb4-9kew
1
vulnerability VCID-37gx-8aen-k7hs
2
vulnerability VCID-3jm3-513z-p7ed
3
vulnerability VCID-fpsw-s5r4-5uhe
4
vulnerability VCID-pskc-ec8x-wyc2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.0.0
aliases CVE-2016-10131, GHSA-2pcj-76hj-xqhm
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xueg-x3e8-bqak
3
url VCID-xwf7-ef5d-yffc
vulnerability_id VCID-xwf7-ef5d-yffc
summary
Improper Input Validation
British Columbia Institute of Technology CodeIgniter is vulnerable to HTTP Header Injection in the `set_status_header()` common function under Apache resulting in HTTP Header Injection flaws.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000247
reference_id
reference_type
scores
0
value 0.00241
scoring_system epss
scoring_elements 0.47576
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000247
1
reference_url https://github.com/codeigniter4/framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/framework
2
reference_url https://www.codeigniter.com/userguide3/changelog.html#version-3-1-4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.codeigniter.com/userguide3/changelog.html#version-3-1-4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000247
reference_id CVE-2017-1000247
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000247
fixed_packages
0
url pkg:composer/codeigniter4/framework@3.1.4
purl pkg:composer/codeigniter4/framework@3.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@3.1.4
1
url pkg:composer/codeigniter4/framework@4.0.0
purl pkg:composer/codeigniter4/framework@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-283r-1kb4-9kew
1
vulnerability VCID-37gx-8aen-k7hs
2
vulnerability VCID-3jm3-513z-p7ed
3
vulnerability VCID-fpsw-s5r4-5uhe
4
vulnerability VCID-pskc-ec8x-wyc2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.0.0
aliases CVE-2017-1000247, GHSA-j9f9-8j39-4g97
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xwf7-ef5d-yffc
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.0.0