Product
codeigniter
43 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-54418
CVE-2025-24013
CVE-2024-41344
CVE-2024-29904
CVE-2023-48708
CVE-2023-48707
CVE-2023-46240
CVE-2023-32692
CVE-2023-27580
CVE-2022-46170
CVE-2022-23556
CVE-2022-40835
CVE-2022-40834
CVE-2022-40833
CVE-2022-40832
CVE-2022-40831
CVE-2022-40830
CVE-2022-40829
CVE-2022-40828
CVE-2022-40827
CVE-2022-40826
CVE-2022-40825
CVE-2022-40824
CVE-2022-39284
CVE-2022-35943
CVE-2022-24712
CVE-2022-24711
CVE-2022-21715
CVE-2022-21647
CVE-2020-10793
CVE-2012-1915
CVE-2018-12071
CVE-2015-5725
CVE-2013-4891
CVE-2017-1000247
CVE-2014-8686
CVE-2014-8684
CVE-2016-10131
CVE-2011-3719
CVE-2007-3709
CVE-2007-3708
CVE-2007-3707
CVE-2007-3706
>= 4.0.0 and < 4.6.2
CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applic
< 4.5.8
CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value.
all versions
A Cross-Site Request Forgery (CSRF) in CodeIgniter 3.1.13 allows attackers to arbitrarily change the Administrator password and es
< 4.4.7
CodeIgniter is a PHP full-stack web framework. A vulnerability was found in the Language class that allowed DoS attacks. This vulne
all versions
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attemp
all versions
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The secretKey value is an important key fo
< 4.4.3
CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed er
< 4.3.5
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validati
all versions
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was f
>= 4.0.0 and < 4.2.11
CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and
>= 4.0.0 and < 4.2.11
CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is
>= 3.0 and <= 3.1.13
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. Note: M
>= 3.0 and <= 3.1.13
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_l
>= 3.0 and <= 3.1.13
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where
>= 3.0 and <= 3.1.13
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php having()
>= 3.0 and <= 3.1.13
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() f
>= 3.0 and <= 3.1.13
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_no
>= 3.0 and <= 3.1.13
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like(
>= 3.0 and <= 3.1.13
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where
>= 3.0 and <= 3.1.13
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where()
>= 3.0 and <= 3.1.13
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_havin
>= 3.0 and <= 3.1.13
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in
>= 3.0 and <= 3.1.13
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where
>= 4.0.0 and < 4.2.7
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in `Con
< 4.2.3
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypa
>= 4.0.0 and < 4.1.9
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might al
>= 4.0.0 and < 4.1.9
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validatio
>= 4.0.0 and < 4.1.8
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was foun
>= 4.0.0 and < 4.1.6
CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the old() function in
<= 4.0.0
CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page
< 2.1.2
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks.
< 3.1.9
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.
< 2.2.4
SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to
< 2.1.4
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and con
all versions
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() commo
<= 2.1.4
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encr
<= 2.2.6
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session c
<= 3.1.2
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control ove
all versions
CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the i
all versions
CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arb
all versions
Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web scri
all versions
Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows rem
all versions
The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables wi