Ci4-Cms-Erp Ci4Ms vulnerabilities
36 known vulnerabilities affecting ci4-cms-erp/ci4ms.
Total CVEs: 36
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 19, HIGH 9, MEDIUM 8
Vulnerabilities
Page 1 of 2
CVE-2026-41202 | P2 | CRITICAL | CVSS 9.4 | CWE-22 | fixed in 0.31.5.0 | 2026-05-07
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the backup create permission to write files to
Sources: GHSA, NVD
CVE-2026-25510 | P2 | HIGH | CVSS 8.8 | CWE-94 | fixed in 0.28.5.0 | 2026-02-03
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution (RCE) by leveraging the file creation and save endpoints, an attacker can upload and execute arbitra
Sources: GHSA, NVD, OSV
CVE-2026-41203 | P2 | CRITICAL | CVSS 9.4 | CWE-22 | fixed in 0.31.5.0 | 2026-05-07
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the theme create permission to write files to arb
Sources: GHSA, NVD
CVE-2026-39394 | P2 | CRITICAL | CVSS 9.8 | CWE-93 | fixed in 0.31.4.0 | 2026-04-08
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index() controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings(), which writes it into the .env file via preg_replace().
Sources: GHSA, NVD, OSV
CVE-2026-34572 | P3 | HIGH | CVSS 8.8 | CWE-284 | fixed in 0.31.0.0 | 2026-04-01
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deactivated. Due to a logic flaw in the backend design, account state changes are enforced only duri
Sources: GHSA, NVD, OSV
CVE-2026-34570 | P3 | HIGH | CVSS 8.8 | CWE-284 | fixed in 0.31.0.0 | 2026-04-01
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deleted. Due to a logic flaw in the backend design, account state changes are enforced only during a
Sources: GHSA, NVD, OSV
CVE-2026-41587 | P3 | HIGH | CVSS 8.6 | CWE-434 | affected versions >= 0.26.0.0, < 0.31.7.0 | 2026-05-07
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution (RCE) by uploading a crafted ZIP file.
Sources: GHSA, NVD
CVE-2026-39393 | P3 | HIGH | CVSS 8.1 | CWE-306 | fixed in 0.31.4.0 | 2026-04-08
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check (cache('settings')) combined with .env file existence to block post-installation access to the setup wizard. When the d
Sources: GHSA, NVD, OSV
CVE-2026-35035 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | fixed in 0.31.2.0 | 2026-04-06
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative configuration fields accept attacker-controlled input t
Sources: GHSA, NVD, OSV
CVE-2026-41201 | P3 | CRITICAL | CVSS 9.1 | CWE-79 | affected version = 0.31.4.0 | 2026-05-07
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated via a sql file that tampers with the file name field to
Sources: GHSA, NVD
CVE-2026-34571 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | fixed in 0.31.0.0 | 2026-04-01
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting (Stored XSS) vulnerability exists in the backend user management functionality. The application fails to properly sanitize user-controlled input before
Sources: GHSA, NVD, OSV
CVE-2026-34562 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | fixed in 0.31.0.0 | 2026-04-01
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative configuration fields accept attacker-controlled
Sources: GHSA, NVD, OSV
CVE-2026-34560 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | fixed in 0.31.0.0 | 2026-04-01
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged data, it is rendered without proper output encoding.
Sources: GHSA, NVD, OSV
CVE-2026-34565 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | fixed in 0.31.0.0 | 2026-04-01
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Posts to navigation menus through the Menu Management functionality. Post-related data selected via the
Sources: GHSA, NVD, OSV
CVE-2026-27599 | P3 | HIGH | CVSS 7.2 | CWE-79 | fixed in 0.31.0.0 | 2026-03-30
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Mail Settings. Several configuration fields, including Mail Server, Mail Port, Email Address, E
Sources: GHSA, NVD, OSV
CVE-2026-34558 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | fixed in 0.31.0.0 | 2026-03-30
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Methods Management functionality when creating or managing application methods/pages. Multiple input fiel
Sources: GHSA, NVD, OSV
CVE-2026-34557 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | fixed in 0.31.0.0 | 2026-03-30
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within group and role management functionality. Multiple input fields (three distinct group-related fields) can be i
Sources: GHSA, NVD, OSV
CVE-2026-34566 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | fixed in 0.31.0.0 | 2026-04-01
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Page Management functionality when creating or editing pages. Multiple input fields accept attacker-contr
Sources: GHSA, NVD, OSV
CVE-2026-34563 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | fixed in 0.31.0.0 | 2026-04-01
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when handling backup uploads and processing backup metadata. An attacker can inject a malicious JavaScript payload i
Sources: GHSA, NVD, OSV
CVE-2026-34569 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | fixed in 0.31.0.0 | 2026-04-01
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog categories. An attacker can inject a malicious JavaScript payload into the category ti
Sources: GHSA, NVD, OSV