codeigniter4/framework Security Advisories for v4.2.10 (7)
-
[CRITICAL] CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
PKSA-7ybs-j1bv-y5mc CVE-2025-54418 GHSA-9952-gv64-x94c
Affected version: <4.6.2
Reported by:
GitHub -
[MEDIUM] Missing validation of header name and value in codeigniter4/framework
PKSA-qbjf-dc24-wrff CVE-2025-24013 GHSA-x5mq-jjr3-vmx6
Affected version: <4.5.8
Reported by:
GitHub -
[HIGH] CodeIgniter4 DoS Vulnerability
PKSA-j54j-8c7k-rccq CVE-2024-29904 GHSA-39fp-mqmm-gxj6
Affected version: <4.4.7
Reported by:
GitHub -
[HIGH] CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
PKSA-mscv-ktn8-2rsz CVE-2023-46240 GHSA-hwxf-qxj7-7rfj
Affected version: <=4.4.2
Reported by:
GitHub -
[CRITICAL] Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
PKSA-3xnc-9vd8-pd26 CVE-2023-32692 GHSA-m6m8-6gq8-c9fj
Affected version: <4.3.5
Reported by:
GitHub -
[HIGH] CVE-2022-23556: Attackers may spoof IP address when using proxy
PKSA-5qsc-rptw-773m CVE-2022-23556 GHSA-ghw3-5qvm-3mqc
Affected version: <4.2.11
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] CVE-2022-46170: Potential Session Handlers Vulnerability
PKSA-fdn3-tjqj-tbrj CVE-2022-46170 GHSA-6cq5-8cj7-g558
Affected version: <4.2.11
Reported by:
FriendsOfPHP/security-advisories, GitHub