Codeigniter Framework vulnerabilities
3 known vulnerabilities affecting codeigniter/framework.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2014-8684P2CRITICALPoC≥ 0, < 3.0.02022-05-17
CVE-2014-8684 [CRITICAL] CodeIgniter and Kohana vulnerable to PHP Object Injection
CodeIgniter and Kohana vulnerable to PHP Object Injection
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.
ghsaosv
CVE-2020-24950P3HIGH≥ 0, < 1.4.102023-08-11
CVE-2020-24950 [HIGH] CWE-89 Withdrawn Advisory: Daylight Studio FUEL-CMS SQLi Vulnerability
Withdrawn Advisory: Daylight Studio FUEL-CMS SQLi Vulnerability
## Withdrawn Advisory
This advisory has been withdrawn because this vulnerability does not affect a package in a [supported ecosystem](https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-types-of-security-advisories).
ghsa
CVE-2018-12071P3CRITICAL≥ 0, < 3.1.102022-05-14
CVE-2018-12071 [CRITICAL] CWE-384 CodeIgniter Session Fixation Vulnerability
CodeIgniter Session Fixation Vulnerability
A Session Fixation issue exists in CodeIgniter before 3.1.10 because `session.use_strict_mode` in the Session Library was mishandled.
ghsaosv