Shodan
Vulnerabilities
Vulnerable Software
Codeigniter:  Security Vulnerabilities
CVE-2022-46170
CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages that require another session cookie (e.g., for admin pages). This issue has been patched, please upgrade to version 4.2.11 or later. As a workaround, use only one session cookie.
CVSS Score
8.6
EPSS Score
0.003
Published
2022-12-22
CVE-2022-40826
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-10-07
CVE-2022-40827
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-10-07
CVE-2022-40828
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-10-07
CVE-2022-40829
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-10-07
CVE-2022-40830
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-10-07
CVE-2022-40831
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-10-07
CVE-2022-40832
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php having() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-10-07
CVE-2022-40833
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-10-07
CVE-2022-40834
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-10-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved