
CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 1

B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via the or_having() function in system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid vulnerability. • https://github.com/726232111/CodeIgniter3.1.13-SQL-Inject/blob/main/README.md https://github.com/bcit-ci/CodeIgniter/issues/6161 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 1

B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via the having() function in system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid vulnerability. • https://github.com/726232111/CodeIgniter3.1.13-SQL-Inject/blob/main/README.md https://github.com/bcit-ci/CodeIgniter/issues/6161 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 1

B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via the like() function in system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid vulnerability. • https://github.com/726232111/CodeIgniter3.1.13-SQL-Inject/blob/main/README.md https://github.com/bcit-ci/CodeIgniter/issues/6161 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7, setting the `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result, cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does not affect session cookies. Users are advised to upgrade to v4.2.7 or later. • https://codeigniter4.github.io/userguide/helpers/cookie_helper.html#set_cookie https://codeigniter4.github.io/userguide/outgoing/response.html#CodeIgniter%5CHTTP%5CResponse::setCookie https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies https://github.com/codeigniter4/CodeIgniter4/issues/6540 https://github.com/codeigniter4/CodeIgniter4/pull/6544 https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-745p-r637-7vvp • CWE-665: Improper Initialization • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php. • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/56465fb6a83aaa934a76615a8579100938b790a1 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')