VulnerableCode Package Details - pkg:composer/codeigniter/framework@3.1.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/codeigniter/framework@3.1.1

Essentials
History (16)

purl	pkg:composer/codeigniter/framework@3.1.1

Next non-vulnerable version	4.3.5
Latest non-vulnerable version	4.3.5
Risk	4.5

Vulnerabilities affecting this package (16)

Vulnerability	Summary	Fixed by
VCID-1znc-1bss-pkaj Aliases: CVE-2023-46240 GHSA-hwxf-qxj7-7rfj	CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`.	There are no reported fixed by versions.
VCID-231k-qhpa-nbaa Aliases: CVE-2022-40830	B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.	There are no reported fixed by versions.
VCID-3y4t-drup-7bff Aliases: CVE-2022-40824	B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function. Note: Multiple third parties have disputed this as not a valid vulnerability.	There are no reported fixed by versions.
VCID-4n8d-t3h7-3uhp Aliases: CVE-2022-40828	B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.	There are no reported fixed by versions.
VCID-76nu-w1zz-m7f5 Aliases: CVE-2018-12071 GHSA-g434-3q2j-hj4r		3.1.10 Affected by 15 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-cf3d-xyya-q3hn Aliases: CVE-2022-40826	B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function. Note: Multiple third parties have disputed this as not a valid vulnerability.	There are no reported fixed by versions.
VCID-dbng-2m6j-1uha Aliases: CVE-2022-35943 GHSA-5hm8-vh6r-2cjq	Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., `https://a.example.com/`) of the target site (e.g., `http://example.com/`). Upgrade to CodeIgniter v4.2.3 or later and Shield v1.0.0-beta.2 or later. As a workaround: set `Config\Security::$csrfProtection` to `'session,'`remove old session data right after login (immediately after ID and password match) and regenerate CSRF token right after login (immediately after ID and password match)	There are no reported fixed by versions.
VCID-dq2u-p7ju-6yfd Aliases: CVE-2023-32692 GHSA-m6m8-6gq8-c9fj GMS-2023-1562	CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5.	4.3.5 Affected by 0 other vulnerabilities.
VCID-eyc5-b6j3-y7hp Aliases: CVE-2022-40827	B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. Note: Multiple third parties have disputed this as not a valid vulnerability.	There are no reported fixed by versions.
VCID-nhqd-xnc3-4ud7 Aliases: CVE-2022-40831		There are no reported fixed by versions.
VCID-ppr6-6ade-qket Aliases: CVE-2022-40835		There are no reported fixed by versions.
VCID-sh3e-qf4u-4uh1 Aliases: CVE-2022-40832		There are no reported fixed by versions.
VCID-tgf3-jb23-8qf4 Aliases: CVE-2022-40829	B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like() function. Note: Multiple third parties have disputed this as not a valid vulnerability.	There are no reported fixed by versions.
VCID-u5z4-jmsw-1ydx Aliases: CVE-2022-40825		There are no reported fixed by versions.
VCID-vsj9-ajwc-t7b3 Aliases: CVE-2022-40833	B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.	There are no reported fixed by versions.
VCID-ykmc-6svu-nkhk Aliases: CVE-2022-40834		There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:10:03.030790+00:00	GitLab Importer	Affected by	VCID-1znc-1bss-pkaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2023-46240.yml	38.6.0
2026-06-12T18:56:05.862343+00:00	GitLab Importer	Affected by	VCID-dq2u-p7ju-6yfd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2023-32692.yml	38.6.0
2026-06-12T18:35:32.199508+00:00	GitLab Importer	Affected by	VCID-sh3e-qf4u-4uh1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40832.yml	38.6.0
2026-06-12T18:35:31.846337+00:00	GitLab Importer	Affected by	VCID-cf3d-xyya-q3hn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40826.yml	38.6.0
2026-06-12T18:35:31.258228+00:00	GitLab Importer	Affected by	VCID-231k-qhpa-nbaa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40830.yml	38.6.0
2026-06-12T18:35:31.070855+00:00	GitLab Importer	Affected by	VCID-vsj9-ajwc-t7b3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40833.yml	38.6.0
2026-06-12T18:35:30.669895+00:00	GitLab Importer	Affected by	VCID-nhqd-xnc3-4ud7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40831.yml	38.6.0
2026-06-12T18:35:30.465450+00:00	GitLab Importer	Affected by	VCID-ykmc-6svu-nkhk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40834.yml	38.6.0
2026-06-12T18:35:30.267179+00:00	GitLab Importer	Affected by	VCID-4n8d-t3h7-3uhp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40828.yml	38.6.0
2026-06-12T18:35:30.068717+00:00	GitLab Importer	Affected by	VCID-ppr6-6ade-qket	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40835.yml	38.6.0
2026-06-12T18:35:28.682081+00:00	GitLab Importer	Affected by	VCID-u5z4-jmsw-1ydx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40825.yml	38.6.0
2026-06-12T18:35:28.204972+00:00	GitLab Importer	Affected by	VCID-tgf3-jb23-8qf4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40829.yml	38.6.0
2026-06-12T18:35:22.226980+00:00	GitLab Importer	Affected by	VCID-eyc5-b6j3-y7hp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40827.yml	38.6.0
2026-06-12T18:35:22.036388+00:00	GitLab Importer	Affected by	VCID-3y4t-drup-7bff	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40824.yml	38.6.0
2026-06-12T18:29:40.074056+00:00	GitLab Importer	Affected by	VCID-dbng-2m6j-1uha	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-35943.yml	38.6.0
2026-06-12T18:11:28.477246+00:00	GitLab Importer	Affected by	VCID-76nu-w1zz-m7f5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2018-12071.yml	38.6.0