VulnerableCode Package Details - pkg:composer/codeigniter/framework@3.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-3kby-g5ka-cff3 Aliases: GMS-2016-130	SQL Injection Critical SQL injection bug in the ODBC database driver.	3.1.0 Affected by 0 other vulnerabilities.
VCID-8wbz-we3g-x3ep Aliases: GMS-2015-65	Cross-site Scripting XSS attack vector in Security Library method `xss_clean()`.	3.0.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-a6px-3qen-euct Aliases: GMS-2016-55	Critical SQL injection bug in the ODBC database driver There's a critical SQL injection bug in the ODBC database driver.	3.1.0 Affected by 0 other vulnerabilities.
VCID-gubk-qp7e-h7f4 Aliases: GMS-2015-40	XSS vulnerability There's an XSS attack vector in Security Library method `xss_clean()`.	3.0.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-3kby-g5ka-cff3
Aliases:
GMS-2016-130

SQL Injection Critical SQL injection bug in the ODBC database driver.

3.1.0
Affected by 0 other vulnerabilities.

VCID-8wbz-we3g-x3ep
Aliases:
GMS-2015-65

Cross-site Scripting XSS attack vector in Security Library method `xss_clean()`.

3.0.3
Affected by 1 other vulnerability.

VCID-a6px-3qen-euct
Aliases:
GMS-2016-55

Critical SQL injection bug in the ODBC database driver There's a critical SQL injection bug in the ODBC database driver.

3.1.0
Affected by 0 other vulnerabilities.

VCID-gubk-qp7e-h7f4
Aliases:
GMS-2015-40

XSS vulnerability There's an XSS attack vector in Security Library method `xss_clean()`.

3.0.3
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-9gnz-bcac-5ygs	CodeIgniter and Kohana vulnerable to PHP Object Injection CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.	CVE-2014-8684 GHSA-w9ph-q4h9-rwq6

Vulnerability

Summary

Aliases

VCID-9gnz-bcac-5ygs

CodeIgniter and Kohana vulnerable to PHP Object Injection CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.

CVE-2014-8684
GHSA-w9ph-q4h9-rwq6

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:06:17.132132+00:00	GitLab Importer	Affected by	VCID-a6px-3qen-euct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/GMS-2016-55.yml	38.6.0
2026-06-04T20:05:09.054777+00:00	GitLab Importer	Affected by	VCID-gubk-qp7e-h7f4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/GMS-2015-40.yml	38.6.0
2026-06-04T20:05:08.955944+00:00	GitLab Importer	Affected by	VCID-8wbz-we3g-x3ep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/GMS-2015-65.yml	38.6.0
2026-06-04T20:04:57.369062+00:00	GitLab Importer	Affected by	VCID-3kby-g5ka-cff3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/GMS-2016-130.yml	38.6.0
2026-06-04T17:58:41.195026+00:00	GithubOSV Importer	Fixing	VCID-9gnz-bcac-5ygs	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w9ph-q4h9-rwq6/GHSA-w9ph-q4h9-rwq6.json	38.6.0
2026-06-02T04:43:44.898719+00:00	GitLab Importer	Fixing	VCID-9gnz-bcac-5ygs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2014-8684.yml	38.6.0