29 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`. • https://codeigniter4.github.io/userguide/general/errors.html#error-reporting https://github.com/codeigniter4/CodeIgniter4/commit/423569fc31e29f51635a2e59c89770333f0e7563 https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-hwxf-qxj7-7rfj • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5. CodeIgniter es un framework web PHP full-stack. • https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-m6m8-6gq8-c9fj • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1

B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability. B.C. Institute of Technology CodeIgniter versiones anteriores a 3.1.13 incluyéndola, es vulnerable a una inyección SQL por medio de la función system\database\DB_query_builder.php or_where_not_in() • https://github.com/726232111/CodeIgniter3.1.13-SQL-Inject/blob/main/README.md https://github.com/bcit-ci/CodeIgniter/issues/6161 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1

B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. Note: Multiple third parties have disputed this as not a valid vulnerability. B.C. Institute of Technology CodeIgniter versiones anteriores a 3.1.13 incluyéndola, es vulnerable a una inyección SQL por medio de la función system\database\DB_query_builder.php where() • https://github.com/726232111/CodeIgniter3.1.13-SQL-Inject/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1

B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. Note: Multiple third parties have disputed this as not a valid vulnerability. B.C. Institute of Technology CodeIgniter versiones anteriores a 3.1.13 incluyéndola, es vulnerable a una inyección SQL por medio de la función system\database\DB_query_builder.php or_not_like() • https://github.com/726232111/CodeIgniter3.1.13-SQL-Inject/blob/main/README.md https://github.com/bcit-ci/CodeIgniter/issues/6161 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •