Lookup for vulnerable packages by Package URL.

Purl pkg:composer/codeigniter4/framework@4.2.6
Type composer
Namespace codeigniter4
Name framework
Version 4.2.6
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.7.3
Latest_non_vulnerable_version 4.7.3
Affected_by_vulnerabilities
0
url VCID-1znc-1bss-pkaj
vulnerability_id VCID-1znc-1bss-pkaj
summary CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46240
reference_id
reference_type
scores
0
value 0.00426
scoring_system epss
scoring_elements 0.62717
published_at 2026-06-11T12:55:00Z
1
value 0.00426
scoring_system epss
scoring_elements 0.62827
published_at 2026-06-14T12:55:00Z
2
value 0.00426
scoring_system epss
scoring_elements 0.62819
published_at 2026-06-12T12:55:00Z
3
value 0.00426
scoring_system epss
scoring_elements 0.62832
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46240
1
reference_url https://github.com/codeigniter4/CodeIgniter4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46240
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46240
3
reference_url https://github.com/codeigniter4/CodeIgniter4/commit/423569fc31e29f51635a2e59c89770333f0e7563
reference_id 423569fc31e29f51635a2e59c89770333f0e7563
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:35:16Z/
url https://github.com/codeigniter4/CodeIgniter4/commit/423569fc31e29f51635a2e59c89770333f0e7563
4
reference_url https://codeigniter4.github.io/userguide/general/errors.html#error-reporting
reference_id errors.html#error-reporting
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:35:16Z/
url https://codeigniter4.github.io/userguide/general/errors.html#error-reporting
5
reference_url https://github.com/advisories/GHSA-hwxf-qxj7-7rfj
reference_id GHSA-hwxf-qxj7-7rfj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hwxf-qxj7-7rfj
6
reference_url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-hwxf-qxj7-7rfj
reference_id GHSA-hwxf-qxj7-7rfj
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:35:16Z/
url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-hwxf-qxj7-7rfj
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.4.3
purl pkg:composer/codeigniter4/framework@4.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dtde-gj8c-a7br
1
vulnerability VCID-jdsk-9fw6-buhu
2
vulnerability VCID-kqy2-2nun-27cn
3
vulnerability VCID-p6ns-5khc-77au
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.4.3
aliases CVE-2023-46240, GHSA-hwxf-qxj7-7rfj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1znc-1bss-pkaj
1
url VCID-dq2u-p7ju-6yfd
vulnerability_id VCID-dq2u-p7ju-6yfd
summary CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32692
reference_id
reference_type
scores
0
value 0.01956
scoring_system epss
scoring_elements 0.8387
published_at 2026-06-11T12:55:00Z
1
value 0.01956
scoring_system epss
scoring_elements 0.8393
published_at 2026-06-14T12:55:00Z
2
value 0.01956
scoring_system epss
scoring_elements 0.83927
published_at 2026-06-12T12:55:00Z
3
value 0.01956
scoring_system epss
scoring_elements 0.83934
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32692
1
reference_url https://github.com/codeigniter4/CodeIgniter4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4
2
reference_url https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md#v435-2023-05-21
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md#v435-2023-05-21
3
reference_url https://github.com/codeigniter4/CodeIgniter4/commit/6af677177fa1d9ad62f7a793bc96cba3068632ba
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4/commit/6af677177fa1d9ad62f7a793bc96cba3068632ba
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32692
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32692
5
reference_url https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md
reference_id CHANGELOG.md
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-10T20:38:34Z/
url https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md
6
reference_url https://github.com/advisories/GHSA-m6m8-6gq8-c9fj
reference_id GHSA-m6m8-6gq8-c9fj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6m8-6gq8-c9fj
7
reference_url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-m6m8-6gq8-c9fj
reference_id GHSA-m6m8-6gq8-c9fj
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-10T20:38:34Z/
url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-m6m8-6gq8-c9fj
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.3.5
purl pkg:composer/codeigniter4/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1znc-1bss-pkaj
1
vulnerability VCID-dtde-gj8c-a7br
2
vulnerability VCID-jdsk-9fw6-buhu
3
vulnerability VCID-kqy2-2nun-27cn
4
vulnerability VCID-p6ns-5khc-77au
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.3.5
aliases CVE-2023-32692, GHSA-m6m8-6gq8-c9fj, GMS-2023-1562
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dq2u-p7ju-6yfd
2
url VCID-dtde-gj8c-a7br
vulnerability_id VCID-dtde-gj8c-a7br
summary CodeIgniter is a PHP full-stack web framework. A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29904
reference_id
reference_type
scores
0
value 0.00744
scoring_system epss
scoring_elements 0.73559
published_at 2026-06-14T12:55:00Z
1
value 0.00744
scoring_system epss
scoring_elements 0.73546
published_at 2026-06-12T12:55:00Z
2
value 0.00744
scoring_system epss
scoring_elements 0.73473
published_at 2026-06-11T12:55:00Z
3
value 0.00744
scoring_system epss
scoring_elements 0.73561
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29904
1
reference_url https://github.com/codeigniter4/CodeIgniter4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-29904
reference_id CVE-2024-29904
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-29904
3
reference_url https://github.com/codeigniter4/CodeIgniter4/commit/fa851acbae7ae4c5a97f8f38ae87aa0822a334c0
reference_id fa851acbae7ae4c5a97f8f38ae87aa0822a334c0
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T20:01:34Z/
url https://github.com/codeigniter4/CodeIgniter4/commit/fa851acbae7ae4c5a97f8f38ae87aa0822a334c0
4
reference_url https://github.com/advisories/GHSA-39fp-mqmm-gxj6
reference_id GHSA-39fp-mqmm-gxj6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-39fp-mqmm-gxj6
5
reference_url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-39fp-mqmm-gxj6
reference_id GHSA-39fp-mqmm-gxj6
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T20:01:34Z/
url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-39fp-mqmm-gxj6
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.4.7
purl pkg:composer/codeigniter4/framework@4.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jdsk-9fw6-buhu
1
vulnerability VCID-kqy2-2nun-27cn
2
vulnerability VCID-p6ns-5khc-77au
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.4.7
aliases CVE-2024-29904, GHSA-39fp-mqmm-gxj6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dtde-gj8c-a7br
3
url VCID-jdsk-9fw6-buhu
vulnerability_id VCID-jdsk-9fw6-buhu
summary A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbar_time parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbar_time, and because debugbar-related data is automatically escaped by the CodeIgniter Parser class.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-45406
reference_id
reference_type
scores
0
value 0.00207
scoring_system epss
scoring_elements 0.43331
published_at 2026-06-12T12:55:00Z
1
value 0.00207
scoring_system epss
scoring_elements 0.43341
published_at 2026-06-14T12:55:00Z
2
value 0.00207
scoring_system epss
scoring_elements 0.4335
published_at 2026-06-13T12:55:00Z
3
value 0.00207
scoring_system epss
scoring_elements 0.43174
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-45406
1
reference_url https://github.com/codeigniter4/CodeIgniter4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4
2
reference_url https://github.com/codeigniter4/CodeIgniter4/blob/v4.6.2/system/Debug/Toolbar.php#L496
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4/blob/v4.6.2/system/Debug/Toolbar.php#L496
3
reference_url https://github.com/codeigniter4/framework/blob/v4.6.2/system/Debug/Toolbar.php#L496
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/framework/blob/v4.6.2/system/Debug/Toolbar.php#L496
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-45406
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-45406
5
reference_url https://www.exploit-db.com/exploits/50556
reference_id 50556
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T20:27:59Z/
url https://www.exploit-db.com/exploits/50556
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15943
reference_id CVE-2020-15943
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T20:27:59Z/
url https://nvd.nist.gov/vuln/detail/CVE-2020-15943
7
reference_url https://github.com/advisories/GHSA-49jm-g4m8-x53p
reference_id GHSA-49jm-g4m8-x53p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-49jm-g4m8-x53p
8
reference_url https://github.com/advisories/GHSA-7h5r-54mm-w4pq
reference_id GHSA-7h5r-54mm-w4pq
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T20:27:59Z/
url https://github.com/advisories/GHSA-7h5r-54mm-w4pq
9
reference_url https://medium.com/@talktoshweta0/when-debugging-bites-back-exposing-a-persistent-xss-in-codeigniter4-c9caf804a190
reference_id when-debugging-bites-back-exposing-a-persistent-xss-in-codeigniter4-c9caf804a190
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T20:27:59Z/
url https://medium.com/@talktoshweta0/when-debugging-bites-back-exposing-a-persistent-xss-in-codeigniter4-c9caf804a190
fixed_packages
aliases CVE-2025-45406, GHSA-49jm-g4m8-x53p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jdsk-9fw6-buhu
4
url VCID-jfqs-jftp-byf3
vulnerability_id VCID-jfqs-jftp-byf3
summary CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure `Config\App::$proxyIPs`. As a workaround, do not use `$request->getIPAddress()`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23556
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.34122
published_at 2026-06-12T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.34125
published_at 2026-06-14T12:55:00Z
2
value 0.0014
scoring_system epss
scoring_elements 0.34147
published_at 2026-06-13T12:55:00Z
3
value 0.0014
scoring_system epss
scoring_elements 0.33946
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23556
1
reference_url https://codeigniter4.github.io/userguide/incoming/request.html#CodeIgniter\HTTP\Request::getIPAddress
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://codeigniter4.github.io/userguide/incoming/request.html#CodeIgniter\HTTP\Request::getIPAddress
2
reference_url https://github.com/codeigniter4/CodeIgniter4
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-23556.yaml
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-23556.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23556
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23556
5
reference_url https://github.com/codeigniter4/CodeIgniter4/commit/5ca8c99b2db09a2a08a013836628028ddc984659
reference_id 5ca8c99b2db09a2a08a013836628028ddc984659
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:36:49Z/
url https://github.com/codeigniter4/CodeIgniter4/commit/5ca8c99b2db09a2a08a013836628028ddc984659
6
reference_url https://github.com/advisories/GHSA-ghw3-5qvm-3mqc
reference_id GHSA-ghw3-5qvm-3mqc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ghw3-5qvm-3mqc
7
reference_url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-ghw3-5qvm-3mqc
reference_id GHSA-ghw3-5qvm-3mqc
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:36:49Z/
url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-ghw3-5qvm-3mqc
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.2.11
purl pkg:composer/codeigniter4/framework@4.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1znc-1bss-pkaj
1
vulnerability VCID-dq2u-p7ju-6yfd
2
vulnerability VCID-dtde-gj8c-a7br
3
vulnerability VCID-jdsk-9fw6-buhu
4
vulnerability VCID-kqy2-2nun-27cn
5
vulnerability VCID-p6ns-5khc-77au
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.2.11
aliases CVE-2022-23556, GHSA-ghw3-5qvm-3mqc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfqs-jftp-byf3
5
url VCID-kqy2-2nun-27cn
vulnerability_id VCID-kqy2-2nun-27cn
summary CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick` as the image library) and either allow file uploads with user-controlled filenames and process uploaded images using the `resize()` method or use the `text()` method with user-controlled text content or options. An attacker can upload a file with a malicious filename containing shell metacharacters that get executed when the image is processed or provide malicious text content or options that get executed when adding text to images. Users should upgrade to v4.6.2 or later to receive a patch. As a workaround, switch to the GD image handler (`gd`, the default handler), which is not affected by either vulnerability. For file upload scenarios, instead of using user-provided filenames, generate random names to eliminate the attack vector with `getRandomName()` when using the `move()` method, or use the `store()` method, which automatically generates safe filenames. For text operations, if one must use ImageMagick with user-controlled text, sanitize the input to only allow safe characters and validate/restrict text options.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54418
reference_id
reference_type
scores
0
value 0.03881
scoring_system epss
scoring_elements 0.88551
published_at 2026-06-12T12:55:00Z
1
value 0.03881
scoring_system epss
scoring_elements 0.88557
published_at 2026-06-14T12:55:00Z
2
value 0.03881
scoring_system epss
scoring_elements 0.88558
published_at 2026-06-13T12:55:00Z
3
value 0.03881
scoring_system epss
scoring_elements 0.88512
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54418
1
reference_url https://github.com/codeigniter4/CodeIgniter4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54418
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54418
3
reference_url https://cwe.mitre.org/data/definitions/78.html
reference_id 78.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-28T17:19:03Z/
url https://cwe.mitre.org/data/definitions/78.html
4
reference_url https://owasp.org/www-community/attacks/Command_Injection
reference_id Command_Injection
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-28T17:19:03Z/
url https://owasp.org/www-community/attacks/Command_Injection
5
reference_url https://github.com/codeigniter4/CodeIgniter4/commit/e18120bff1da691e1d15ffc1bf553ae7411762c0
reference_id e18120bff1da691e1d15ffc1bf553ae7411762c0
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-28T17:19:03Z/
url https://github.com/codeigniter4/CodeIgniter4/commit/e18120bff1da691e1d15ffc1bf553ae7411762c0
6
reference_url https://github.com/advisories/GHSA-9952-gv64-x94c
reference_id GHSA-9952-gv64-x94c
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9952-gv64-x94c
7
reference_url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-9952-gv64-x94c
reference_id GHSA-9952-gv64-x94c
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-28T17:19:03Z/
url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-9952-gv64-x94c
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.6.2
purl pkg:composer/codeigniter4/framework@4.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jdsk-9fw6-buhu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.6.2
aliases CVE-2025-54418, GHSA-9952-gv64-x94c
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqy2-2nun-27cn
6
url VCID-ntph-mnds-9ffc
vulnerability_id VCID-ntph-mnds-9ffc
summary CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does not affect session cookies. Users are advised to upgrade to v4.2.7 or later. Users unable to upgrade are advised to manually construct their cookies either by setting the options in code or by constructing Cookie objects. Examples of each workaround are available in the linked GHSA.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39284
reference_id
reference_type
scores
0
value 0.00492
scoring_system epss
scoring_elements 0.66205
published_at 2026-06-13T12:55:00Z
1
value 0.00492
scoring_system epss
scoring_elements 0.66202
published_at 2026-06-14T12:55:00Z
2
value 0.00492
scoring_system epss
scoring_elements 0.6619
published_at 2026-06-12T12:55:00Z
3
value 0.00492
scoring_system epss
scoring_elements 0.66096
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39284
1
reference_url https://github.com/codeigniter4/CodeIgniter4
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4
2
reference_url https://github.com/codeigniter4/CodeIgniter4/issues/6540
reference_id 6540
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:55Z/
url https://github.com/codeigniter4/CodeIgniter4/issues/6540
3
reference_url https://github.com/codeigniter4/CodeIgniter4/pull/6544
reference_id 6544
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:55Z/
url https://github.com/codeigniter4/CodeIgniter4/pull/6544
4
reference_url https://codeigniter4.github.io/userguide/helpers/cookie_helper.html#set_cookie
reference_id cookie_helper.html#set_cookie
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:55Z/
url https://codeigniter4.github.io/userguide/helpers/cookie_helper.html#set_cookie
5
reference_url https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies
reference_id Cookies#restrict_access_to_cookies
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:55Z/
url https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39284
reference_id CVE-2022-39284
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39284
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-39284.yaml
reference_id CVE-2022-39284.YAML
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-39284.yaml
8
reference_url https://github.com/advisories/GHSA-745p-r637-7vvp
reference_id GHSA-745p-r637-7vvp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-745p-r637-7vvp
9
reference_url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-745p-r637-7vvp
reference_id GHSA-745p-r637-7vvp
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:55Z/
url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-745p-r637-7vvp
10
reference_url https://codeigniter4.github.io/userguide/outgoing/response.html#CodeIgniter%5CHTTP%5CResponse::setCookie
reference_id response.html#CodeIgniter%5CHTTP%5CResponse::setCookie
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:55Z/
url https://codeigniter4.github.io/userguide/outgoing/response.html#CodeIgniter%5CHTTP%5CResponse::setCookie
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.2.7
purl pkg:composer/codeigniter4/framework@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1znc-1bss-pkaj
1
vulnerability VCID-dq2u-p7ju-6yfd
2
vulnerability VCID-dtde-gj8c-a7br
3
vulnerability VCID-jdsk-9fw6-buhu
4
vulnerability VCID-jfqs-jftp-byf3
5
vulnerability VCID-kqy2-2nun-27cn
6
vulnerability VCID-p6ns-5khc-77au
7
vulnerability VCID-snv3-sbwn-w3ah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.2.7
aliases CVE-2022-39284, GHSA-745p-r637-7vvp
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ntph-mnds-9ffc
7
url VCID-p6ns-5khc-77au
vulnerability_id VCID-p6ns-5khc-77au
summary CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper validation of header names and values. A potential attacker can construct deliberately malformed headers with the Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed requests might lead to a DoS scenario if a remote service’s web application firewall interprets them as malicious and blocks further communication with the application. This vulnerability is fixed in 4.5.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24013
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.41132
published_at 2026-06-12T12:55:00Z
1
value 0.00191
scoring_system epss
scoring_elements 0.41143
published_at 2026-06-14T12:55:00Z
2
value 0.00191
scoring_system epss
scoring_elements 0.40966
published_at 2026-06-11T12:55:00Z
3
value 0.00191
scoring_system epss
scoring_elements 0.41153
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24013
1
reference_url https://github.com/codeigniter4/CodeIgniter4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24013
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24013
3
reference_url https://github.com/codeigniter4/CodeIgniter4/commit/5f8aa24280fb09947897d6b322bf1f0e038b13b6
reference_id 5f8aa24280fb09947897d6b322bf1f0e038b13b6
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-21T14:50:53Z/
url https://github.com/codeigniter4/CodeIgniter4/commit/5f8aa24280fb09947897d6b322bf1f0e038b13b6
4
reference_url https://github.com/advisories/GHSA-wxmh-65f7-jcvw
reference_id GHSA-wxmh-65f7-jcvw
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-21T14:50:53Z/
url https://github.com/advisories/GHSA-wxmh-65f7-jcvw
5
reference_url https://github.com/advisories/GHSA-x5mq-jjr3-vmx6
reference_id GHSA-x5mq-jjr3-vmx6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x5mq-jjr3-vmx6
6
reference_url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-x5mq-jjr3-vmx6
reference_id GHSA-x5mq-jjr3-vmx6
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-21T14:50:53Z/
url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-x5mq-jjr3-vmx6
7
reference_url https://datatracker.ietf.org/doc/html/rfc7230#section-3.2
reference_id rfc7230#section-3.2
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-21T14:50:53Z/
url https://datatracker.ietf.org/doc/html/rfc7230#section-3.2
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.5.8
purl pkg:composer/codeigniter4/framework@4.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jdsk-9fw6-buhu
1
vulnerability VCID-kqy2-2nun-27cn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.5.8
aliases CVE-2025-24013, GHSA-x5mq-jjr3-vmx6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6ns-5khc-77au
8
url VCID-snv3-sbwn-w3ah
vulnerability_id VCID-snv3-sbwn-w3ah
summary CodeIgniter is a PHP full-stack web framework. When an application (1) uses multiple session cookies (e.g., one for user pages and one for admin pages) and (2) has its session handler set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, an attacker who gets one session cookie (e.g., one for user pages) may be able to access pages that require another session cookie (e.g., for admin pages). This issue has been patched; please upgrade to version 4.2.11 or later. As a workaround, use only one session cookie.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-46170
reference_id
reference_type
scores
0
value 0.00311
scoring_system epss
scoring_elements 0.54632
published_at 2026-06-11T12:55:00Z
1
value 0.00311
scoring_system epss
scoring_elements 0.54758
published_at 2026-06-14T12:55:00Z
2
value 0.00311
scoring_system epss
scoring_elements 0.54774
published_at 2026-06-13T12:55:00Z
3
value 0.00311
scoring_system epss
scoring_elements 0.54757
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-46170
1
reference_url https://codeigniter4.github.io/userguide/libraries/sessions.html#session-drivers
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://codeigniter4.github.io/userguide/libraries/sessions.html#session-drivers
2
reference_url https://github.com/codeigniter4/CodeIgniter4
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/codeigniter4/CodeIgniter4
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-46170.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-46170.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-46170
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-46170
5
reference_url https://github.com/codeigniter4/CodeIgniter4/commit/f9fb6574fbeb5a4aa63f7ea87296523e10db9328
reference_id f9fb6574fbeb5a4aa63f7ea87296523e10db9328
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:32:54Z/
url https://github.com/codeigniter4/CodeIgniter4/commit/f9fb6574fbeb5a4aa63f7ea87296523e10db9328
6
reference_url https://github.com/advisories/GHSA-6cq5-8cj7-g558
reference_id GHSA-6cq5-8cj7-g558
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6cq5-8cj7-g558
7
reference_url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-6cq5-8cj7-g558
reference_id GHSA-6cq5-8cj7-g558
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T14:32:54Z/
url https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-6cq5-8cj7-g558
fixed_packages
0
url pkg:composer/codeigniter4/framework@4.2.11
purl pkg:composer/codeigniter4/framework@4.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1znc-1bss-pkaj
1
vulnerability VCID-dq2u-p7ju-6yfd
2
vulnerability VCID-dtde-gj8c-a7br
3
vulnerability VCID-jdsk-9fw6-buhu
4
vulnerability VCID-kqy2-2nun-27cn
5
vulnerability VCID-p6ns-5khc-77au
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.2.11
aliases CVE-2022-46170, GHSA-6cq5-8cj7-g558
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-snv3-sbwn-w3ah
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter4/framework@4.2.6