ci4-cms-erp — Vulnerabilities & Security Advisories 33

Browse all 33 CVE security advisories affecting ci4-cms-erp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ci4-cms-erp is a content management and enterprise resource planning system built on the CodeIgniter 4 framework, primarily designed for small to medium businesses seeking integrated administrative and web publishing tools. Its architecture has historically exposed it to a significant number of security flaws, with twenty-seven Common Vulnerabilities and Exposures (CVEs) currently documented. These vulnerabilities predominantly stem from inadequate input validation and improper access controls, leading to frequent instances of Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. Additionally, privilege escalation issues have allowed unauthorized users to gain administrative access, compromising system integrity. The high volume of recorded CVEs indicates persistent weaknesses in the software’s security posture, suggesting that developers have struggled to consistently patch critical flaws. Organizations relying on this platform face substantial risks due to these known exploitable defects, necessitating rigorous monitoring and immediate updates to mitigate potential breaches.

Top products by ci4-cms-erp: ci4ms
Critical · 2026-04-09
Post-Installation Re-entry via Cache-Dependent Install Guard Bypass in ci4ms · Advisory · ci4-cms-erp/ci4ms · GitHub
Medium · 2026-04-09
Stored XSS via srcdoc attribute bypass in Google Maps iframe setting · Advisory · ci4-cms-erp/ci4ms · GitHub
Critical · 2026-04-07
Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escala
Critical · 2026-04-07
User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS · Advisory · ci4-cms-erp/c
Critical · 2026-04-02
Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS · Advisory · ci4-c
High · 2026-04-02
Account Deletion Module Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
High · 2026-04-02
Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS · Advisory · ci4-cms-erp/ci4ms
High · CVE-2024-38446 · 2026-04-02
Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS · Advisory · ci4-cms-erp/
Critical · 2026-04-02
Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS · Advisory · ci4-cms-erp/ci4ms · GitH
High · 2026-04-02
Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Acc
High · 2026-04-02
Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS · Advisory · ci4-c
Medium · CVE-2026-25509 · 2026-02-04
User Email Enumeration via Password Reset Flow · Advisory · ci4-cms-erp/ci4ms · GitHub


This page lists every published CVE security advisory associated with ci4-cms-erp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.