FreeBSD: VID-71EBBC50-01C1-11E7-AE1B-002590263BF5: codeigniter -- multiple vulnerabilities

Severity: 8
CVSS: (AV:N/AC:M/Au:N/C:C/I:P/A:N)
Published: Jan 9, 2017
Added: Mar 6, 2017
Modified: Feb 19, 2025

Description

The CodeIgniter changelog reports:

Fixed an XSS vulnerability in Security Library method xss_clean().

Fixed a possible file inclusion vulnerability in Loader Library method vars().

Fixed a possible remote code execution vulnerability in the Email Library when ‘mail’ or ‘sendmail’ are used (thanks to Paul Buonopane from NamePros).

Added protection against timing side-channel attacks in Security Library method csrf_verify().

Added protection against BREACH attacks targeting the CSRF token field generated by Form Helper function form_open().

Solution

freebsd-upgrade-package-codeigniter
