Vulnerability Information
Vulnerability Title
Deserialization of Untrusted Data in CodeIgniter4
Vulnerability Description
CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL injection. Users are advised to upgrade to v4.1.6 or later. Users unable to upgrade are advised not to use the `old()` function and form_helper, nor `RedirectResponse::withInput()` and `redirect()->withInput()`.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
Deserialization of Untrusted Data
Vulnerability Title
CodeIgniter Code Issue Vulnerability
Vulnerability Description
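CodeIgniter is an open source web framework written in PHP. CodeIgniter contains a code issue vulnerability that stems from deserialization of untrusted data found in the software's `old()` function. Remote attackers may use this vulnerability to inject auto-loadable arbitrary objects, and possibly execute existing PHP code on the server.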
CVSS Information
N/A
Vulnerability Type
N/A