{"url":"http://public2.vulnerablecode.io/api/packages/1025730?format=json","purl":"pkg:composer/ci4-cms-erp/ci4ms@0.31.5.0","type":"composer","namespace":"ci4-cms-erp","name":"ci4ms","version":"0.31.5.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.31.8.0","latest_non_vulnerable_version":"31.0.0+0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80965?format=json","vulnerability_id":"VCID-28yh-hjbw-w7ce","summary":"CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out, so accounts that have been deactivated or banned are not rejected by that filter. This issue has been patched in version 0.31.8.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41891","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.04083","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41891"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ci4-cms-erp/ci4ms"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms/commit/2f38284281ce6b435ea42003951f14109ac2cea7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ci4-cms-erp/ci4ms/commit/2f38284281ce6b435ea42003951f14109ac2cea7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41891","refe
rence_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41891"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.8.0","reference_id":"0.31.8.0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:47:29Z/"}],"url":"https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.8.0"},{"reference_url":"https://github.com/advisories/GHSA-5hfv-c864-qcq9","reference_id":"GHSA-5hfv-c864-qcq9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5hfv-c864-qcq9"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-5hfv-c864-qcq9","reference_id":"GHSA-5hfv-c864-qcq9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:47:29Z/"}],"url":"https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-5hfv-c864-qcq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40916?format=json","purl":"pkg:composer/ci4-cms-erp/ci4ms@0.31.8%2B0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7qqh-neay-nbak"},{"vulnerabil
ity":"VCID-emhm-thb4-rqbz"},{"vulnerability":"VCID-uw4z-hv4s-efe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ci4-cms-erp/ci4ms@0.31.8%252B0"},{"url":"http://public2.vulnerablecode.io/api/packages/1053388?format=json","purl":"pkg:composer/ci4-cms-erp/ci4ms@0.31.8.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ci4-cms-erp/ci4ms@0.31.8.0"}],"aliases":["CVE-2026-41891","GHSA-5hfv-c864-qcq9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28yh-hjbw-w7ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80748?format=json","vulnerability_id":"VCID-48sm-mr7f-ducd","summary":"CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution (RCE) by uploading a crafted ZIP file. PHP files inside the ZIP are installed into the web-accessible public/ directory with no extension or content filtering, making them directly executable via HTTP. 
This issue has been patched in version 0.31.7.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41587","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30859","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41587"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ci4-cms-erp/ci4ms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41587","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41587"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms/commit/b969465e71eacd9eb57014ad1fce1fc34fa7bca0","reference_id":"b969465e71eacd9eb57014ad1fce1fc34fa7bca0","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-07T13:43:14Z/"}],"url":"https://github.com/ci4-cms-erp/ci4ms/commit/b969465e71eacd9eb57014ad1fce1fc34fa7bca0"},{"reference_url":"https://github.com/advisories/GHSA-fw49-9xq4-gmx6","reference_id":"GHSA-fw49-9xq4-gmx6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fw49-9xq4-gmx6"},{"reference_url":"https://github.com/ci
4-cms-erp/ci4ms/security/advisories/GHSA-fw49-9xq4-gmx6","reference_id":"GHSA-fw49-9xq4-gmx6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-07T13:43:14Z/"}],"url":"https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-fw49-9xq4-gmx6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374281?format=json","purl":"pkg:composer/ci4-cms-erp/ci4ms@0.31.7%2B0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-28yh-hjbw-w7ce"},{"vulnerability":"VCID-dsph-q7jr-qudx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ci4-cms-erp/ci4ms@0.31.7%252B0"},{"url":"http://public2.vulnerablecode.io/api/packages/1030843?format=json","purl":"pkg:composer/ci4-cms-erp/ci4ms@0.31.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-28yh-hjbw-w7ce"},{"vulnerability":"VCID-dsph-q7jr-qudx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ci4-cms-erp/ci4ms@0.31.7.0"}],"aliases":["CVE-2026-41587","GHSA-fw49-9xq4-gmx6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48sm-mr7f-ducd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80610?format=json","vulnerability_id":"VCID-dsph-q7jr-qudx","summary":"CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess() action accepts a POST parameter tables[] containing arbitrary table names. 
These are passed directly to $forge->dropTable() without validating that the tables belong to the theme being deleted. The deleteConfirm view correctly populates tables[] from the theme's own migration files, but the server-side deleteProcess does not verify the received values against those files. An authenticated admin can craft a POST request with arbitrary table names and drop any table in the database. This issue has been patched in version 0.31.8.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41890","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0974","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41890"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ci4-cms-erp/ci4ms"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms/commit/2f38284281ce6b435ea42003951f14109ac2cea7","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ci4-cms-erp/ci4ms/commit/2f38284281ce6b435ea42003951f14109ac2cea7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41890","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41890"},{"reference_url":"https://github.com/ci4-cms
-erp/ci4ms/releases/tag/0.31.8.0","reference_id":"0.31.8.0","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:42:31Z/"}],"url":"https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.8.0"},{"reference_url":"https://github.com/advisories/GHSA-vgrf-pr28-vf98","reference_id":"GHSA-vgrf-pr28-vf98","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vgrf-pr28-vf98"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-vgrf-pr28-vf98","reference_id":"GHSA-vgrf-pr28-vf98","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:42:31Z/"}],"url":"https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-vgrf-pr28-vf98"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40916?format=json","purl":"pkg:composer/ci4-cms-erp/ci4ms@0.31.8%2B0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7qqh-neay-nbak"},{"vulnerability":"VCID-emhm-thb4-rqbz"},{"vulnerability":"VCID-uw4z-hv4s-efe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ci4-cms-erp/ci4ms@0.31.8%252B0"},{"url":"http://public2.vulnerablecode.io/api/packages/1053388?format=json","purl":"pkg:composer/ci4-cms-erp/ci4ms@0.31.8.0","is_vulnerable":false,"affected_by_vulnerabilities":[
],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ci4-cms-erp/ci4ms@0.31.8.0"}],"aliases":["CVE-2026-41890","GHSA-vgrf-pr28-vf98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dsph-q7jr-qudx"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81132?format=json","vulnerability_id":"VCID-11ah-ukzq-k7ch","summary":"CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the backup create permission to write files to arbitrary filesystem locations (Zip Slip) and achieve remote code execution by dropping a PHP file under the public web root. This issue has been patched in version 0.31.5.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41202","reference_id":"","reference_type":"","scores":[{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67847","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41202"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ci4-cms-erp/ci4ms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41202","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nis
t.gov/vuln/detail/CVE-2026-41202"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.5.0","reference_id":"0.31.5.0","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-07T12:39:58Z/"}],"url":"https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.5.0"},{"reference_url":"https://github.com/advisories/GHSA-xp9f-pvvc-57p4","reference_id":"GHSA-xp9f-pvvc-57p4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xp9f-pvvc-57p4"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-xp9f-pvvc-57p4","reference_id":"GHSA-xp9f-pvvc-57p4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-07T12:39:58Z/"}],"url":"https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-xp9f-pvvc-57p4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373403?format=json","purl":"pkg:composer/ci4-cms-erp/ci4ms@0.31.5%2B0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ci4-cms-erp/ci4ms@0.31.5%252B0"},{"url":"http://public2.vulnerablecode.io/api/packages/1025730?format=json","purl":"pkg:composer/ci4-cms-erp/ci4ms@0.31.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-28yh-hjbw-w7ce
"},{"vulnerability":"VCID-48sm-mr7f-ducd"},{"vulnerability":"VCID-dsph-q7jr-qudx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ci4-cms-erp/ci4ms@0.31.5.0"}],"aliases":["CVE-2026-41202","GHSA-xp9f-pvvc-57p4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11ah-ukzq-k7ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80740?format=json","vulnerability_id":"VCID-dq3s-2u24-skhq","summary":"CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve full account takeover and privilege escalation via a stored DOM-based XSS in the backup module's filename field: the attacker uploads a SQL file whose file name has been tampered with to contain a hidden XSS payload. This issue has been patched in version 0.31.5.0. Note that the CVSS v3.1 vectors recorded in the references require high privileges (PR:H) and disagree on whether user interaction is needed (UI:R vs UI:N).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41201","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19725","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41201"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ci4-cms-erp/ci4ms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41201","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41201"},{"reference_url":"https://github.com/ci4-
cms-erp/ci4ms/releases/tag/0.31.5.0","reference_id":"0.31.5.0","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T14:07:25Z/"}],"url":"https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.5.0"},{"reference_url":"https://github.com/advisories/GHSA-qxpq-82f3-xj47","reference_id":"GHSA-qxpq-82f3-xj47","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qxpq-82f3-xj47"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-qxpq-82f3-xj47","reference_id":"GHSA-qxpq-82f3-xj47","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T14:07:25Z/"}],"url":"https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-qxpq-82f3-xj47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373403?format=json","purl":"pkg:composer/ci4-cms-erp/ci4ms@0.31.5%2B0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ci4-cms-erp/ci4ms@0.31.5%252B0"},{"url":"http://public2.vulnerablecode.io/api/packages/1025730?format=json","purl":"pkg:composer/ci4-cms-e
rp/ci4ms@0.31.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-28yh-hjbw-w7ce"},{"vulnerability":"VCID-48sm-mr7f-ducd"},{"vulnerability":"VCID-dsph-q7jr-qudx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ci4-cms-erp/ci4ms@0.31.5.0"}],"aliases":["CVE-2026-41201","GHSA-qxpq-82f3-xj47"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dq3s-2u24-skhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80814?format=json","vulnerability_id":"VCID-tfxq-7v9w-p3ff","summary":"CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the theme create permission to write files to arbitrary filesystem locations (Zip Slip) and achieve remote code execution by dropping a PHP file under the public web root. 
This issue has been patched in version 0.31.5.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41203","reference_id":"","reference_type":"","scores":[{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67847","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41203"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ci4-cms-erp/ci4ms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41203","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41203"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.5.0","reference_id":"0.31.5.0","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-07T13:49:29Z/"}],"url":"https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.5.0"},{"reference_url":"https://github.com/advisories/GHSA-xv3r-vr59-95rg","reference_id":"GHSA-xv3r-vr59-95rg","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xv3r-vr59-95rg"},{"reference_url":"https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-xv3r-vr59-95rg","reference_
id":"GHSA-xv3r-vr59-95rg","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-07T13:49:29Z/"}],"url":"https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-xv3r-vr59-95rg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373403?format=json","purl":"pkg:composer/ci4-cms-erp/ci4ms@0.31.5%2B0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ci4-cms-erp/ci4ms@0.31.5%252B0"},{"url":"http://public2.vulnerablecode.io/api/packages/1025730?format=json","purl":"pkg:composer/ci4-cms-erp/ci4ms@0.31.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-28yh-hjbw-w7ce"},{"vulnerability":"VCID-48sm-mr7f-ducd"},{"vulnerability":"VCID-dsph-q7jr-qudx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ci4-cms-erp/ci4ms@0.31.5.0"}],"aliases":["CVE-2026-41203","GHSA-xv3r-vr59-95rg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfxq-7v9w-p3ff"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ci4-cms-erp/ci4ms@0.31.5.0"}