codeigniter4 — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting codeigniter4. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CodeIgniter4 serves as a PHP framework for rapid web application development, particularly suited for building dynamic websites and APIs. Historically, it has faced vulnerabilities across multiple classes, including remote code execution, cross-site scripting (XSS), and privilege escalation, often stemming from input validation flaws and misconfigurations. While no major public security incidents have been widely documented, the 16 CVEs on record highlight persistent concerns, particularly around improper access controls and insecure deserialization. The framework's security posture has improved over time, but developers must remain vigilant about implementing proper input sanitization and security configurations to mitigate risks.

Top products by codeigniter4: CodeIgniter4 shield

CVEs 16

CVE ID	Title	CVSS	Severity	Published
CVE-2023-48707	Cleartext Storage of Sensitive Information in codeigniter4/shield — shieldCWE-312	5.0	Medium	2023-11-24
CVE-2023-48708	Insertion of Sensitive Information into Log in codeigniter4/shield — shieldCWE-532	5.0	Medium	2023-11-24
CVE-2023-27580	CodeIgniter Shield Password Shucking Vulnerability — shieldCWE-916	7.5	High	2023-03-13
CVE-2022-35943	SameSite may allow cross-site request forgery (CSRF) protection to be bypassed — shieldCWE-352	5.9	Medium	2022-08-12

This page lists every published CVE security advisory associated with codeigniter4. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

codeigniter4 — Vulnerabilities & Security Advisories 16