CVE-2023-27580 – CodeIgniter Shield Password Shucking Vulnerability
https://notcve.org/view.php?id=CVE-2023-27580
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's password hash as stored by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user's password. • https://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pre-hashing-passwords https://github.com/codeigniter4/shield/blob/develop/UPGRADING.md https://github.com/codeigniter4/shield/commit/ea9688dd01d100193d834117dbfc2cfabcf9ea0b https://github.com/codeigniter4/shield/security/advisories/GHSA-c5vj-f36q-p9vg https://www.scottbrady91.com/authentication/beware-of-password-shucking • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVE-2023-23010
https://notcve.org/view.php?id=CVE-2023-23010
Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap through commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022) allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php. • https://gist.github.com/enferas/8a836008e9f635a2f80d09c9a8b5a533 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d5904379ca55014c5df34c67deda982c73dc7fe5 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/242 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-46170 – CodeIgniter is vulnerable to improper authentication via Session Handlers
https://notcve.org/view.php?id=CVE-2022-46170
CodeIgniter is a PHP full-stack web framework. When an application (1) uses multiple session cookies (e.g., one for user pages and one for admin pages) and (2) has its session handler set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, an attacker who gets one session cookie (e.g., one for user pages) may be able to access pages that require another session cookie (e.g., for admin pages). This issue has been patched; upgrade to version 4.2.11 or later. As a workaround, use only one session cookie. • https://github.com/codeigniter4/CodeIgniter4/commit/f9fb6574fbeb5a4aa63f7ea87296523e10db9328 https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-6cq5-8cj7-g558 • CWE-287: Improper Authentication •
CVE-2022-23556 – CodeIgniter is vulnerable to IP address spoofing when using proxy
https://notcve.org/view.php?id=CVE-2022-23556
CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched; upgrade to version 4.2.11 or later, and configure `Config\App::$proxyIPs`. As a workaround, do not use `$request->getIPAddress()`. • https://github.com/codeigniter4/CodeIgniter4/commit/5ca8c99b2db09a2a08a013836628028ddc984659 https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-ghw3-5qvm-3mqc • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2022-40828
https://notcve.org/view.php?id=CVE-2022-40828
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via the or_where_not_in() function in system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid vulnerability. • https://github.com/726232111/CodeIgniter3.1.13-SQL-Inject/blob/main/README.md https://github.com/bcit-ci/CodeIgniter/issues/6161 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •