CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12071
https://notcve.org/view.php?id=CVE-2018-12071
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled. Existe un problema de fijación de sesión en CodeIgniter en versiones anteriores a la 3.1.9 debido a que session.use_strict_mode se gestionó de manera incorrecta en Session Library. • https://www.codeigniter.com/user_guide/changelog.html • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5725
https://notcve.org/view.php?id=CVE-2015-5725
SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable. Vulnerabilidad de inyección SQL en el método offset en la clase Active Record en CodeIgniter, en versiones anteriores a la 2.2.4, permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante vectores relacionados con la variable offset. • https://forum.codeigniter.com/thread-62743.html https://github.com/bcit-ci/CodeIgniter/commit/0dde92def6b9f276f05ff77abb07ead318f9ec23 https://github.com/bcit-ci/CodeIgniter/issues/4020 https://www.codeigniter.com/userguide2/changelog.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-4891
https://notcve.org/view.php?id=CVE-2013-4891
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag. La función xss_clean en CodeIgniter, en versiones anteriores a la 2.1.4, podría permitir que atacantes remotos omitan un mecanismo de protección planeado y lleven a cabo ataques de Cross-Site Scripting (XSS) mediante unaetiqueta HTML no cerrada. • https://github.com/bcit-ci/CodeIgniter/issues/4020 https://nealpoole.com/blog/2013/07/codeigniter-21-xss-clean-filter-bypass https://www.codeigniter.com/userguide2/changelog.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000247
https://notcve.org/view.php?id=CVE-2017-1000247
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. British Columbia Institute of Technology CodeIgniter 3.1.3 es vulnerable a la inyección de cabeceras HTTP en la función común set_status_header() en Apache, provocando errores de inyección de cabeceras HTTP. • https://www.codeigniter.com/userguide3/changelog.html#version-3-1-4 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2016-10131
https://notcve.org/view.php?id=CVE-2016-10131
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. system/libraries/Email.php en CodeIgniter en versiones anteriores 3.1.3 permite a atacantes remotos ejecutar código arbitrario aprovechando el control sobre el campo email->from para insertar argumentos de linea de comando sendmail. • http://www.securityfocus.com/bid/96851 https://gist.github.com/Zenexer/40d02da5e07f151adeaeeaa11af9ab36 https://github.com/bcit-ci/CodeIgniter/issues/4963 https://github.com/bcit-ci/CodeIgniter/pull/4966 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •