CVE-2022-24711

Опубликовано: 28 фев. 2022

Источник: nvd

CVSS3: 9.4

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability.

Ссылки

https://github.com/codeigniter4/CodeIgniter4/commit/202f41ad522ba1d414b9d9c35aba1cb0c156b781
Patch
Third Party Advisory
https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-xjp4-6w75-qrj7
Third Party Advisory
https://github.com/codeigniter4/CodeIgniter4/commit/202f41ad522ba1d414b9d9c35aba1cb0c156b781
Patch
Third Party Advisory
https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-xjp4-6w75-qrj7
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*

Версия от 4.0.0 (включая) до 4.1.9 (исключая)

EPSS

Процентиль: 61%

0.00413

Низкий

9.4 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2022-24711

CVSS3: 9.4

debian

почти 4 года назад

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web fr ...

GHSA-xjp4-6w75-qrj7

CVSS3: 9.4

github

почти 4 года назад

Remote CLI Command Execution Vulnerability in CodeIgniter4

EPSS

Процентиль: 61%

0.00413

Низкий

9.4 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20