Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution Vulnerability in Validation Placeholders
Vulnerability Description
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
CodeIgniter 代码注入漏洞
Vulnerability Description
CodeIgniter是一款使用PHP语言编写的开源Web框架。 CodeIgniter 4.3.5之前版本存在安全漏洞,该漏洞源于控制器中的验证方法和模型内验证存在问题,允许攻击者执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A