| purl | pkg:composer/codeigniter/framework@3.0rc |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1cv5-c88f-ebdt Aliases: GMS-2015-40 | XSS vulnerability: There's an XSS attack vector in Security Library method `xss_clean()`. | Affected by 18 other vulnerabilities. |
| VCID-1euz-ns2t-43be Aliases: GHSA-q9j3-4ghj-6h57 | Inadequate XSS Prevention in CodeIgniter/Framework Security Library | Affected by 18 other vulnerabilities. |
| VCID-1znc-1bss-pkaj Aliases: CVE-2023-46240 GHSA-hwxf-qxj7-7rfj | CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`. | There are no reported fixed by versions. |
| VCID-41bw-mjye-v3fb Aliases: GMS-2015-65 | Cross-site Scripting: XSS attack vector in Security Library method `xss_clean()`. | Affected by 18 other vulnerabilities. |
| VCID-5uu7-gbbj-x3dk Aliases: CVE-2014-8684 GHSA-w9ph-q4h9-rwq6 | | Affected by 22 other vulnerabilities. |
| VCID-76nu-w1zz-m7f5 Aliases: CVE-2018-12071 GHSA-g434-3q2j-hj4r | | Affected by 15 other vulnerabilities. |
| VCID-cunj-m81q-cben Aliases: GMS-2016-55 | Critical SQL injection bug in the ODBC database driver: There's a critical SQL injection bug in the ODBC database driver. | Affected by 16 other vulnerabilities. |
| VCID-dbng-2m6j-1uha Aliases: CVE-2022-35943 GHSA-5hm8-vh6r-2cjq | Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., `https://a.example.com/`) of the target site (e.g., `http://example.com/`). Upgrade to **CodeIgniter v4.2.3 or later** and **Shield v1.0.0-beta.2 or later**. As a workaround: set `Config\Security::$csrfProtection` to `'session'`, remove old session data right after login (immediately after ID and password match), and regenerate CSRF token right after login (immediately after ID and password match). | There are no reported fixed by versions. |
| VCID-dq2u-p7ju-6yfd Aliases: CVE-2023-32692 GHSA-m6m8-6gq8-c9fj GMS-2023-1562 | CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5. | Affected by 0 other vulnerabilities. |
| VCID-ek73-5du4-cyfk Aliases: GMS-2016-130 | SQL Injection: Critical SQL injection bug in the ODBC database driver. | Affected by 16 other vulnerabilities. |
| VCID-ypn2-2ubu-pfhn Aliases: GHSA-27qr-636m-wxg2 | codeigniter/framework SQL injection in ODBC database driver | Affected by 16 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||