VulnerableCode Package Details - pkg:composer/codeigniter4/shield@1.0.0-beta.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-ksav-p5du-duep Aliases: CVE-2023-48708 GHSA-j72f-h752-mx4w GMS-2023-4599		1.0.0-beta.8 Affected by 0 other vulnerabilities.
VCID-pmr7-5sk2-dyat Aliases: CVE-2023-48707 GHSA-v427-c49j-8w6x GMS-2023-4600		1.0.0-beta.8 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ksav-p5du-duep
Aliases:
CVE-2023-48708
GHSA-j72f-h752-mx4w
GMS-2023-4599

1.0.0-beta.8
Affected by 0 other vulnerabilities.

VCID-pmr7-5sk2-dyat
Aliases:
CVE-2023-48707
GHSA-v427-c49j-8w6x
GMS-2023-4600

1.0.0-beta.8
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-hdcm-szxg-7ucu	CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's hashed password by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user's password. Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all users’ hashed passwords should be updated (saved to the database). There are no known workarounds.	CVE-2023-27580 GHSA-c5vj-f36q-p9vg

Vulnerability

Summary

Aliases

VCID-hdcm-szxg-7ucu

CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's hashed password by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user's password. Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all users’ hashed passwords should be updated (saved to the database). There are no known workarounds.

CVE-2023-27580
GHSA-c5vj-f36q-p9vg

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T06:25:36.133493+00:00	GHSA Importer	Fixing	VCID-hdcm-szxg-7ucu	https://github.com/advisories/GHSA-c5vj-f36q-p9vg	38.6.0
2026-06-12T19:11:47.775637+00:00	GitLab Importer	Affected by	VCID-ksav-p5du-duep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter4/shield/GMS-2023-4599.yml	38.6.0
2026-06-12T19:11:46.879711+00:00	GitLab Importer	Affected by	VCID-pmr7-5sk2-dyat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter4/shield/GMS-2023-4600.yml	38.6.0
2026-06-12T15:45:44.159232+00:00	GitLab Importer	Fixing	VCID-hdcm-szxg-7ucu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter4/shield/CVE-2023-27580.yml	38.6.0
2026-06-12T07:58:58.405588+00:00	GithubOSV Importer	Fixing	VCID-hdcm-szxg-7ucu	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-c5vj-f36q-p9vg/GHSA-c5vj-f36q-p9vg.json	38.6.0