Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
Vulnerability Description
CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过错误消息导致的信息暴露
Vulnerability Title
CodeIgniter 安全漏洞
Vulnerability Description
CodeIgniter是一款使用PHP语言编写的开源Web框架。 CodeIgniter 4.4.3之前版本存在安全漏洞。攻击者利用该漏洞获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A