ci4-cms-erp — Vulnerabilities & Security Advisories 33

ci4-cms-erp is a content management and enterprise resource planning system built on the CodeIgniter 4 framework, primarily designed for small to medium businesses seeking integrated administrative and web publishing tools. Its architecture has historically exposed it to a significant number of security flaws, with twenty-seven Common Vulnerabilities and Exposures (CVEs) currently documented. These vulnerabilities predominantly stem from inadequate input validation and improper access controls, leading to frequent instances of Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. Additionally, privilege escalation issues have allowed unauthorized users to gain administrative access, compromising system integrity. The high volume of recorded CVEs indicates persistent weaknesses in the software’s security posture, suggesting that developers have struggled to consistently patch critical flaws. Organizations relying on this platform face substantial risks due to these known exploitable defects, necessitating rigorous monitoring and immediate updates to mitigate potential breaches.