VulnerableCode Package Details - pkg:composer/codeigniter/framework@3.1.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/codeigniter/framework@3.1.0

Essentials
History (21)

purl	pkg:composer/codeigniter/framework@3.1.0

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.5

Vulnerabilities affecting this package (16)

Vulnerability	Summary	Fixed by
VCID-2hsz-vuhe-dbak Aliases: CVE-2022-40826		There are no reported fixed by versions.
VCID-2qzt-eskd-7qf4 Aliases: CVE-2022-40831		There are no reported fixed by versions.
VCID-3mhu-ddhm-5ke7 Aliases: CVE-2022-40830		There are no reported fixed by versions.
VCID-52pj-ryan-2yfj Aliases: CVE-2022-40825		There are no reported fixed by versions.
VCID-74bw-u8nc-3qbz Aliases: CVE-2022-40829		There are no reported fixed by versions.
VCID-7wzt-96yg-jfah Aliases: CVE-2022-40828		There are no reported fixed by versions.
VCID-9fmk-e4fz-2ybu Aliases: CVE-2022-40832		There are no reported fixed by versions.
VCID-e2md-avz8-bya9 Aliases: CVE-2022-40827		There are no reported fixed by versions.
VCID-e4vu-fhp3-j3em Aliases: CVE-2022-40834		There are no reported fixed by versions.
VCID-en5a-535z-ayca Aliases: CVE-2022-40833		There are no reported fixed by versions.
VCID-fpcv-9quu-8fe2 Aliases: CVE-2022-35943 GHSA-5hm8-vh6r-2cjq	CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection ### Impact This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., `https://a.example.com/`) of the target site (e.g., `http://example.com/`). This vulnerability exists whether `Config\Security::$csrfProtection` is `'cookie'` or `'session'`. It is also exploitable whether `Config\Security::$regenerate` is `true` or `false`. ### Patches Upgrade to CodeIgniter v4.2.3 or later and Shield v1.0.0-beta.2 or later. ### Workarounds Do all of the following: - set `Config\Security::$csrfProtection` to `'session'` - remove old session data right after login (immediately after ID and password match) - regenerate CSRF token right after login (immediately after ID and password match) ### References - [CodeIgniter4 CSRF Protection](https://codeigniter4.github.io/userguide/libraries/security.html) - [SameSite Attacks](https://canitakeyoursubdomain.name/) - [SameSite Cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) - [The great SameSite confusion](https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/) ### For more information If you have any questions or comments about this advisory: * Open an issue or discussion in [codeigniter4/shield](https://github.com/codeigniter4/shield) * Email us at [security@codeigniter.com](mailto:security@codeigniter.com)	There are no reported fixed by versions.
VCID-gnfx-qs26-ukdx Aliases: CVE-2022-40835		There are no reported fixed by versions.
VCID-p756-2jkm-9fc5 Aliases: CVE-2022-40824		There are no reported fixed by versions.
VCID-qdfk-n9gt-6yfp Aliases: CVE-2023-32692 GHSA-m6m8-6gq8-c9fj GMS-2023-1562	Duplicate This advisory duplicates another.	4.3.5 Affected by 0 other vulnerabilities.
VCID-s6nh-cvkt-vygr Aliases: CVE-2023-46240 GHSA-hwxf-qxj7-7rfj	Generation of Error Message Containing Sensitive Information CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`.	There are no reported fixed by versions.
VCID-s814-tdxe-1baf Aliases: CVE-2018-12071 GHSA-g434-3q2j-hj4r	A Session Fixation issue exists in CodeIgniter because `session.use_strict_mode` in the Session Library was mishandled.	3.1.10 Affected by 15 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-3kby-g5ka-cff3	SQL Injection Critical SQL injection bug in the ODBC database driver.	GMS-2016-130
VCID-a6px-3qen-euct	Critical SQL injection bug in the ODBC database driver There's a critical SQL injection bug in the ODBC database driver.	GMS-2016-55
VCID-ebrh-16ww-3bhd	codeigniter/framework SQL injection in ODBC database driver CodeIgniter 3.1.0 addressed a critical security issue within the ODBC database driver. This update includes crucial fixes to mitigate a SQL injection vulnerability, preventing potential exploitation by attackers. It is noteworthy that these fixes render the query builder and escape() functions incompatible with the ODBC driver. However, the update introduces actual query binding as a more secure alternative.	GHSA-27qr-636m-wxg2

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T04:16:51.014365+00:00	GitLab Importer	Affected by	VCID-s6nh-cvkt-vygr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2023-46240.yml	38.6.0
2026-06-06T03:47:31.245515+00:00	GitLab Importer	Affected by	VCID-qdfk-n9gt-6yfp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2023-32692.yml	38.6.0
2026-06-06T03:02:29.514075+00:00	GitLab Importer	Affected by	VCID-9fmk-e4fz-2ybu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40832.yml	38.6.0
2026-06-06T03:02:28.691612+00:00	GitLab Importer	Affected by	VCID-2hsz-vuhe-dbak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40826.yml	38.6.0
2026-06-06T03:02:27.129959+00:00	GitLab Importer	Affected by	VCID-3mhu-ddhm-5ke7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40830.yml	38.6.0
2026-06-06T03:02:26.469167+00:00	GitLab Importer	Affected by	VCID-en5a-535z-ayca	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40833.yml	38.6.0
2026-06-06T03:02:25.460354+00:00	GitLab Importer	Affected by	VCID-2qzt-eskd-7qf4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40831.yml	38.6.0
2026-06-06T03:02:24.793939+00:00	GitLab Importer	Affected by	VCID-e4vu-fhp3-j3em	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40834.yml	38.6.0
2026-06-06T03:02:24.134572+00:00	GitLab Importer	Affected by	VCID-7wzt-96yg-jfah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40828.yml	38.6.0
2026-06-06T03:02:23.487364+00:00	GitLab Importer	Affected by	VCID-gnfx-qs26-ukdx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40835.yml	38.6.0
2026-06-06T03:02:20.804101+00:00	GitLab Importer	Affected by	VCID-52pj-ryan-2yfj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40825.yml	38.6.0
2026-06-06T03:02:19.441393+00:00	GitLab Importer	Affected by	VCID-74bw-u8nc-3qbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40829.yml	38.6.0
2026-06-06T03:02:11.788007+00:00	GitLab Importer	Affected by	VCID-e2md-avz8-bya9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40827.yml	38.6.0
2026-06-06T03:02:11.135194+00:00	GitLab Importer	Affected by	VCID-p756-2jkm-9fc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-40824.yml	38.6.0
2026-06-06T02:45:17.209202+00:00	GitLab Importer	Affected by	VCID-fpcv-9quu-8fe2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-35943.yml	38.6.0
2026-06-06T01:58:27.828927+00:00	GitLab Importer	Affected by	VCID-s814-tdxe-1baf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2018-12071.yml	38.6.0
2026-06-05T21:43:00.285203+00:00	GHSA Importer	Fixing	VCID-ebrh-16ww-3bhd	https://github.com/advisories/GHSA-27qr-636m-wxg2	38.6.0
2026-06-04T16:51:10.067708+00:00	GithubOSV Importer	Fixing	VCID-ebrh-16ww-3bhd	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-27qr-636m-wxg2/GHSA-27qr-636m-wxg2.json	38.6.0
2026-06-04T16:21:40.579617+00:00	GitLab Importer	Fixing	VCID-ebrh-16ww-3bhd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/GHSA-27qr-636m-wxg2.yml	38.6.0
2026-06-02T04:36:37.930287+00:00	GitLab Importer	Fixing	VCID-a6px-3qen-euct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/GMS-2016-55.yml	38.6.0
2026-06-02T04:36:24.665101+00:00	GitLab Importer	Fixing	VCID-3kby-g5ka-cff3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/GMS-2016-130.yml	38.6.0