cbcvebase.
CVE-2023-46240
published 2023-10-31

CVE-2023-46240: CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even…

PriorityP339high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.62%
45.3th percentile
CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`.

Affected

3 ranges
VendorProductVersion rangeFixed in
codeignitercodeigniter< 4.4.34.4.3
codeigniter4codeigniter4< 4.4.34.4.3
codeigniter4framework>= 0 < 4.4.34.4.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.