Vulnerabilities > Codeigniter
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-19 | CVE-2014-8686 | Cryptographic Issues vulnerability in Codeigniter CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available. | 5.0 |
| 2017-09-19 | CVE-2014-8684 | Cryptographic Issues vulnerability in multiple products CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes. | 7.5 |
| 2017-01-12 | CVE-2016-10131 | Injection vulnerability in Codeigniter system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. | 7.5 |
| 2011-09-23 | CVE-2011-3719 | Information Exposure vulnerability in Codeigniter 1.7.2 CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files. | 5.0 |
| 2007-07-11 | CVE-2007-3709 | Remote Security vulnerability in Codeigniter 1.5.3 CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header. | 5.0 |
| 2007-07-11 | CVE-2007-3708 | Cross-Site Scripting vulnerability in Codeigniter 1.5.3 Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function. network codeigniter | 4.3 |
| 2007-07-11 | CVE-2007-3707 | Directory Traversal vulnerability in Codeigniter 1.5.3 Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2007-07-11 | CVE-2007-3706 | Local Security vulnerability in Codeigniter 1.5.3 The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie. | 2.1 |