CVE-2026-34562— CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-34562
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Source: NVD (National Vulnerability Database)
Vulnerability Description
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative configuration fields accept attacker-controlled input that is stored server-side and later rendered without proper output encoding. This issue has been patched in version 0.31.0.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
CI4MS 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CI4MS是Ci4MS开源的一个博客页面管理工具。 CI4MS 0.31.0.0之前版本存在跨站脚本漏洞,该漏洞源于在系统设置-公司信息中未能正确清理用户控制的输入,多个管理配置字段接受攻击者控制的输入,导致存储型跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ci4-cms-erp | ci4ms | < 0.31.0.0 | - |
II. Public POCs for CVE-2026-34562
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-34562
Please Login to view more intelligence information
Same Patch Batch · ci4-cms-erp · 2026-04-01 · 14 CVEs total
| CVE-2026-34571 | 10.0 CRITICAL | CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session |
| CVE-2026-34569 | 10.0 CRITICAL | CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Sto |
| CVE-2026-34568 | 9.1 CRITICAL | CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored D |
| CVE-2026-34560 | 9.1 CRITICAL | CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS |
| CVE-2026-34559 | 9.1 CRITICAL | CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DO |
| CVE-2026-34567 | 9.1 CRITICAL | CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation |
| CVE-2026-34566 | 9.1 CRITICAL | CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Sto |
| CVE-2026-34564 | 9.1 CRITICAL | CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation |
| CVE-2026-34563 | 9.1 CRITICAL | CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via St |
| CVE-2026-34565 | 9.1 CRITICAL | CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation |
| CVE-2026-34572 | 8.8 HIGH | CI4MS: Account Deactivation Module Full Persistent Unauthorized Access for All‑Roles via I |
| CVE-2026-34570 | 8.8 HIGH | CI4MS: Account Deletion Module Full Persistent Unauthorized Access for All‑Roles via Impro |
| CVE-2026-34561 | 4.7 MEDIUM | CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account T |
IV. Related Vulnerabilities
Same product: ci4ms
- CVE-2026-41891
CI4MS: Deactivated User Session Bypass (active=0) - CVE-2026-41890
CI4MS: Arbitrary Database Table Drop via Theme deleteProcess - CVE-2026-41203
ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE - CVE-2026-41202
ci4ms Backup::restore is vulnerable to Zip Slip leading to R - CVE-2026-41201
CI4MS: Backup Management Full Account Takeover for All-Roles
Same vendor: ci4-cms-erp
- CVE-2026-41891
CI4MS: Deactivated User Session Bypass (active=0) - CVE-2026-41890
CI4MS: Arbitrary Database Table Drop via Theme deleteProcess - CVE-2026-41203
ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE - CVE-2026-41202
ci4ms Backup::restore is vulnerable to Zip Slip leading to R - CVE-2026-41201
CI4MS: Backup Management Full Account Takeover for All-Roles
Same weakness: CWE-79
- CVE-2026-42455
LinkWarden: Stored XSS via Client-Side Archive Upload (Unsan - CVE-2026-42451
Grimmory: Stored XSS via Malicious EPUB Enables Session Toke - CVE-2026-42556
Postiz stored XSS in public preview page - CVE-2026-42224
ipl/web is vulnerable to reflected XSS by malformed search r - CVE-2026-42192
Plunk: Stored XSS in campaign view
V. Comments for CVE-2026-34562
No comments yet