Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

codeigniter4 — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting codeigniter4. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CodeIgniter4 serves as a PHP framework for rapid web application development, particularly suited for building dynamic websites and APIs. Historically, it has faced vulnerabilities across multiple classes, including remote code execution, cross-site scripting (XSS), and privilege escalation, often stemming from input validation flaws and misconfigurations. While no major public security incidents have been widely documented, the 16 CVEs on record highlight persistent concerns, particularly around improper access controls and insecure deserialization. The framework's security posture has improved over time, but developers must remain vigilant about implementing proper input sanitization and security configurations to mitigate risks.

Top products by codeigniter4: CodeIgniter4 shield
CVE IDTitleCVSSSeverityPublished
CVE-2025-54418 CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability — CodeIgniter4CWE-78 9.8 Critical2025-07-28
CVE-2025-24013 CodeIgniter validation of header name and value — CodeIgniter4CWE-436 5.3 Medium2025-01-20
CVE-2024-29904 CodeIgniter4 Language class DoS Vulnerability — CodeIgniter4CWE-835 7.5 High2024-03-29
CVE-2023-48707 Cleartext Storage of Sensitive Information in codeigniter4/shield — shieldCWE-312 5.0 Medium2023-11-24
CVE-2023-48708 Insertion of Sensitive Information into Log in codeigniter4/shield — shieldCWE-532 5.0 Medium2023-11-24
CVE-2023-46240 CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment — CodeIgniter4CWE-209 7.5 High2023-10-31
CVE-2023-32692 Remote Code Execution Vulnerability in Validation Placeholders — CodeIgniter4CWE-94 9.8 Critical2023-05-30
CVE-2023-27580 CodeIgniter Shield Password Shucking Vulnerability — shieldCWE-916 7.5 High2023-03-13
CVE-2022-46170 CodeIgniter is vulnerable to improper authentication via Session Handlers — CodeIgniter4CWE-287 8.6 High2022-12-22
CVE-2022-23556 CodeIgniter is vulnerable to IP address spoofing when using proxy — CodeIgniter4CWE-345 7.0 High2022-12-22
CVE-2022-39284 Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued in Codeigniter4 — CodeIgniter4CWE-665 2.6 Low2022-10-06
CVE-2022-35943 SameSite may allow cross-site request forgery (CSRF) protection to be bypassed — shieldCWE-352 5.9 Medium2022-08-12
CVE-2022-24712 Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4 — CodeIgniter4CWE-352 6.3 Medium2022-02-28
CVE-2022-24711 Remote CLI Command Execution Vulnerability in CodeIgniter4 — CodeIgniter4CWE-20 9.4 Critical2022-02-28
CVE-2022-21715 Cross-site Scripting Vulnerability in CodeIgniter4 — CodeIgniter4CWE-79 5.4 Medium2022-01-24
CVE-2022-21647 Deserialization of Untrusted Data in Codeigniter4 — CodeIgniter4CWE-502 7.7 High2022-01-04

This page lists every published CVE security advisory associated with codeigniter4. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.