codeigniter4 — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting codeigniter4. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CodeIgniter4 serves as a PHP framework for rapid web application development, particularly suited for building dynamic websites and APIs. Historically, it has faced vulnerabilities across multiple classes, including remote code execution, cross-site scripting (XSS), and privilege escalation, often stemming from input validation flaws and misconfigurations. While no major public security incidents have been widely documented, the 16 CVEs on record highlight persistent concerns, particularly around improper access controls and insecure deserialization. The framework's security posture has improved over time, but developers must remain vigilant about implementing proper input sanitization and security configurations to mitigate risks.

Top products by codeigniter4: CodeIgniter4 shield

CVEs 16

CVE ID	Title	CVSS	Severity	Published
CVE-2025-54418	CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability — CodeIgniter4CWE-78	9.8	Critical	2025-07-28
CVE-2025-24013	CodeIgniter validation of header name and value — CodeIgniter4CWE-436	5.3	Medium	2025-01-20
CVE-2024-29904	CodeIgniter4 Language class DoS Vulnerability — CodeIgniter4CWE-835	7.5	High	2024-03-29
CVE-2023-46240	CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment — CodeIgniter4CWE-209	7.5	High	2023-10-31
CVE-2023-32692	Remote Code Execution Vulnerability in Validation Placeholders — CodeIgniter4CWE-94	9.8	Critical	2023-05-30
CVE-2022-46170	CodeIgniter is vulnerable to improper authentication via Session Handlers — CodeIgniter4CWE-287	8.6	High	2022-12-22
CVE-2022-23556	CodeIgniter is vulnerable to IP address spoofing when using proxy — CodeIgniter4CWE-345	7.0	High	2022-12-22
CVE-2022-39284	Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued in Codeigniter4 — CodeIgniter4CWE-665	2.6	Low	2022-10-06
CVE-2022-24712	Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4 — CodeIgniter4CWE-352	6.3	Medium	2022-02-28
CVE-2022-24711	Remote CLI Command Execution Vulnerability in CodeIgniter4 — CodeIgniter4CWE-20	9.4	Critical	2022-02-28
CVE-2022-21715	Cross-site Scripting Vulnerability in CodeIgniter4 — CodeIgniter4CWE-79	5.4	Medium	2022-01-24
CVE-2022-21647	Deserialization of Untrusted Data in Codeigniter4 — CodeIgniter4CWE-502	7.7	High	2022-01-04

This page lists every published CVE security advisory associated with codeigniter4. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

codeigniter4 — Vulnerabilities & Security Advisories 16