Codeigniter: >> Codeigniter >> 1.7.2 Security Vulnerabilities
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
CVSS Score
9.8
EPSS Score
0.312
Published
2017-09-19
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.
CVSS Score
9.8
EPSS Score
0.033
Published
2017-01-12
CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files.
CVSS Score
5.0
EPSS Score
0.003
Published
2011-09-23
Page 2