← Voltar para CVEs

CVE-2023-32692

CRITICAL

9.8

Descricao

CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado5/30/2023

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

codeigniter:codeigniter

Fraquezas (CWE)

CWE-94CWE-94

Referencias

https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md(security-advisories@github.com)

https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-m6m8-6gq8-c9fj(security-advisories@github.com)

https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-m6m8-6gq8-c9fj(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.