Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-76nu-w1zz-m7f5
Vulnerability ID VCID-76nu-w1zz-m7f5
Aliases CVE-2018-12071
GHSA-g434-3q2j-hj4r
Summary
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-384 Session Fixation
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2018-12071
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2018-12071
cvssv3.1 9.8 https://github.com/bcit-ci/CodeIgniter
generic_textual CRITICAL https://github.com/bcit-ci/CodeIgniter
cvssv3.1 9.8 https://github.com/bcit-ci/CodeIgniter/commit/800a20d6c4662d99ae0988b2f8f2238bb8bb29db
generic_textual CRITICAL https://github.com/bcit-ci/CodeIgniter/commit/800a20d6c4662d99ae0988b2f8f2238bb8bb29db
cvssv3.1 9.8 https://github.com/bcit-ci/CodeIgniter/commit/a9da3dd2f16a8f97d7bc4ff5572b28e4bb84c813#diff-32788a4d3748e8818044886ab43241179c7f5f5b82e979e73146669ca6e2da1cR306
generic_textual CRITICAL https://github.com/bcit-ci/CodeIgniter/commit/a9da3dd2f16a8f97d7bc4ff5572b28e4bb84c813#diff-32788a4d3748e8818044886ab43241179c7f5f5b82e979e73146669ca6e2da1cR306
cvssv3.1 9.8 https://github.com/bcit-ci/CodeIgniter/issues/5958
generic_textual CRITICAL https://github.com/bcit-ci/CodeIgniter/issues/5958
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-12071
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2018-12071
cvssv3.1 9.8 https://web.archive.org/web/20181115214804/https://www.codeigniter.com/user_guide/changelog.html#version-3-1-9
generic_textual CRITICAL https://web.archive.org/web/20181115214804/https://www.codeigniter.com/user_guide/changelog.html#version-3-1-9
cvssv3.1 9.8 https://www.codeigniter.com/user_guide/changelog.html
generic_textual CRITICAL https://www.codeigniter.com/user_guide/changelog.html
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2018-12071
https://github.com/bcit-ci/CodeIgniter
https://github.com/bcit-ci/CodeIgniter/commit/800a20d6c4662d99ae0988b2f8f2238bb8bb29db
https://github.com/bcit-ci/CodeIgniter/commit/a9da3dd2f16a8f97d7bc4ff5572b28e4bb84c813#diff-32788a4d3748e8818044886ab43241179c7f5f5b82e979e73146669ca6e2da1cR306
https://github.com/bcit-ci/CodeIgniter/issues/5958
https://nvd.nist.gov/vuln/detail/CVE-2018-12071
https://web.archive.org/web/20181115214804/https://www.codeigniter.com/user_guide/changelog.html#version-3-1-9
https://www.codeigniter.com/user_guide/changelog.html
GHSA-g434-3q2j-hj4r https://github.com/advisories/GHSA-g434-3q2j-hj4r
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/bcit-ci/CodeIgniter
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/bcit-ci/CodeIgniter/commit/800a20d6c4662d99ae0988b2f8f2238bb8bb29db
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/bcit-ci/CodeIgniter/commit/a9da3dd2f16a8f97d7bc4ff5572b28e4bb84c813#diff-32788a4d3748e8818044886ab43241179c7f5f5b82e979e73146669ca6e2da1cR306
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/bcit-ci/CodeIgniter/issues/5958
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-12071
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20181115214804/https://www.codeigniter.com/user_guide/changelog.html#version-3-1-9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.codeigniter.com/user_guide/changelog.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.47764
EPSS Score 0.00242
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-12T01:41:53.359522+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.6.0