Описание
Remote CLI Command Execution Vulnerability in CodeIgniter4
Impact
This vulnerability allows attackers to execute CLI routes via HTTP request.
Patches
Upgrade to v4.1.9 or later.
Workarounds
None.
For more information
If you have any questions or comments about this advisory:
- Open an issue in codeigniter4/CodeIgniter4
- Email us at SECURITY.md
Ссылки
- https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-xjp4-6w75-qrj7
- https://nvd.nist.gov/vuln/detail/CVE-2022-24711
- https://github.com/codeigniter4/CodeIgniter4/commit/202f41ad522ba1d414b9d9c35aba1cb0c156b781
- https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-24711.yaml
Пакеты
Наименование
codeigniter4/framework
composer
Затронутые версииВерсия исправления
< 4.1.9
4.1.9
Связанные уязвимости
CVSS3: 9.4
nvd
почти 4 года назад
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability.
CVSS3: 9.4
debian
почти 4 года назад
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web fr ...