Security Advisories - codeigniter4/framework

codeigniter4/framework Security Advisories (14)

[CRITICAL] CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability

PKSA-7ybs-j1bv-y5mc CVE-2025-54418 GHSA-9952-gv64-x94c

Affected version: <4.6.2

Reported by:
GitHub
[MEDIUM] Missing validation of header name and value in codeigniter4/framework

PKSA-qbjf-dc24-wrff CVE-2025-24013 GHSA-x5mq-jjr3-vmx6

Affected version: <4.5.8

Reported by:
GitHub
[HIGH] CodeIgniter4 DoS Vulnerability

PKSA-j54j-8c7k-rccq CVE-2024-29904 GHSA-39fp-mqmm-gxj6

Affected version: <4.4.7

Reported by:
GitHub
[HIGH] CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment

PKSA-mscv-ktn8-2rsz CVE-2023-46240 GHSA-hwxf-qxj7-7rfj

Affected version: <=4.4.2

Reported by:
GitHub
[CRITICAL] Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4

PKSA-3xnc-9vd8-pd26 CVE-2023-32692 GHSA-m6m8-6gq8-c9fj

Affected version: <4.3.5

Reported by:
GitHub
[HIGH] CVE-2022-23556: Attackers may spoof IP address when using proxy

PKSA-5qsc-rptw-773m CVE-2022-23556 GHSA-ghw3-5qvm-3mqc

Affected version: <4.2.11

Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] CVE-2022-46170: Potential Session Handlers Vulnerability

PKSA-fdn3-tjqj-tbrj CVE-2022-46170 GHSA-6cq5-8cj7-g558

Affected version: <4.2.11

Reported by:
FriendsOfPHP/security-advisories, GitHub
[LOW] CVE-2022-39284: Config\Cookie Secure or HttpOnly flag not set in CodeIgniter4

PKSA-gdkx-2hq2-gzns CVE-2022-39284 GHSA-745p-r637-7vvp

Affected version: <4.2.7

Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] CodeIgniter Improper Privilege Management

PKSA-65g7-hfqn-nn47 CVE-2020-10793 GHSA-jwqp-wh5g-4gmm

Affected version: <=4.0.0

Reported by:
GitHub
[HIGH] CodeIgniter HTTP Header Injection

PKSA-rzt7-sq65-pynd CVE-2017-1000247 GHSA-j9f9-8j39-4g97

Affected version: =3.1.3

Reported by:
GitHub
[CRITICAL] CVE-2022-24711: Remote CLI Command Execution Vulnerability in CodeIgniter4

PKSA-q6wy-cnms-5v5g CVE-2022-24711 GHSA-xjp4-6w75-qrj7

Affected version: <4.1.9

Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] CVE-2022-24712: Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4

PKSA-kyt6-rr9s-bbsy CVE-2022-24712 GHSA-4v37-24gm-h554

Affected version: <4.1.9

Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] CVE-2022-21715: XSS Vulnerability in API\ResponseTrait in CodeIgniter4

PKSA-nrxq-vnmr-47kd CVE-2022-21715 GHSA-7528-7jg5-6g62

Affected version: <4.1.8

Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] CVE-2022-21647: Deserialization of Untrusted Data in Codeigniter4

PKSA-tmzy-nc2k-32nq CVE-2022-21647 GHSA-w6jr-wj64-mc9x

Affected version: <4.1.6

Reported by:
FriendsOfPHP/security-advisories, GitHub

codeigniter4/framework Security Advisories (14)

[CRITICAL] CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability

[MEDIUM] Missing validation of header name and value in codeigniter4/framework

[HIGH] CodeIgniter4 DoS Vulnerability

[HIGH] CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment

[CRITICAL] Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4

[HIGH] CVE-2022-23556: Attackers may spoof IP address when using proxy

[HIGH] CVE-2022-46170: Potential Session Handlers Vulnerability

[LOW] CVE-2022-39284: Config\Cookie Secure or HttpOnly flag not set in CodeIgniter4

[HIGH] CodeIgniter Improper Privilege Management

[HIGH] CodeIgniter HTTP Header Injection

[CRITICAL] CVE-2022-24711: Remote CLI Command Execution Vulnerability in CodeIgniter4

[MEDIUM] CVE-2022-24712: Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4

[MEDIUM] CVE-2022-21715: XSS Vulnerability in API\ResponseTrait in CodeIgniter4

[HIGH] CVE-2022-21647: Deserialization of Untrusted Data in Codeigniter4