Software Detail
CodeIgniter | Number of NVD: 37 | CRITICAL 21 | HIGH 6 | MEDIUM 8 | LOW 1
URL https://www.codeigniter.com/
Explanation: CodeIgniter is a free, open-source MVC web framework for rapid PHP development.
It is one of the oldest and most widely used PHP frameworks. Since version 3 it has been licensed under the MIT license, which solves the licensing problem.
Tag
  • MIT License
  • PHP

Add Information URL
No Type Name URL
1 https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md
2 https://www.codeigniter.com/userguide3/changelog.html

List of Products
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support / Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
1 CodeIgniter 4 4.7.2 March 24, 2026 Feb. 24, 2020 4 5 2 0
2 CodeIgniter 3 3.1.13 March 4, 2022 March 30, 2015 15 4 0 0
3 CodeIgniter 2 2.2.5 Oct. 31, 2015 6 3 2 0
4 CodeIgniter 1 1.7.2 Jan. 1, 2000 6 3 6 1
NVD Vulnerability Information
No | CVSS3 / CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date / Published date
1 -
-
- CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagic… CWE-78
OS Command 
CVE-2025-54418 cpe:2.3:a:codeigniter:codeigniter:*:* 4.0.0 4.6.2 2025-08-6 00:46
2025-07-29
2 7.5
-
HIGH
Network
CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a r… - CVE-2023-46240 cpe:2.3:a:codeigniter:codeigniter:*:* 4.4.3 2024-11-21 17:28
2023-11-1
3 9.8
-
CRITICAL
Network
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, … CWE-94
Code Injection
CVE-2023-32692 cpe:2.3:a:codeigniter:codeigniter:*:* 4.3.5 2024-11-21 17:03
2023-05-30
4 9.8
-
CRITICAL
Network
CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseH… - CVE-2022-46170 cpe:2.3:a:codeigniter:codeigniter:*:* 4.0.0 4.2.11 2024-11-21 16:30
2022-12-23
5 7.5
-
HIGH
Network
CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade … - CVE-2022-23556 cpe:2.3:a:codeigniter:codeigniter:*:* 4.0.0 4.2.11 2024-11-21 15:48
2022-12-23
6 9.8
-
CRITICAL
Network
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid vulnerability CWE-89
SQL Injection
CVE-2022-40835 cpe:2.3:a:codeigniter:codeigniter:3.0:rc
cpe:2.3:a:codeigniter:codeigniter:3.0:rc3
cpe:2.3:a:codeigniter:codeigni…
3.0 3.1.13 2024-11-21 16:22
2022-10-7
7 9.8
-
CRITICAL
Network
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. Note: Multiple third parties have disputed this as no… CWE-89
SQL Injection
CVE-2022-40834 cpe:2.3:a:codeigniter:codeigniter:3.0:rc
cpe:2.3:a:codeigniter:codeigniter:3.0:rc3
cpe:2.3:a:codeigniter:codeigni…
3.0 3.1.13 2024-11-21 16:22
2022-10-7
8 9.8
-
CRITICAL
Network
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as no… CWE-89
SQL Injection
CVE-2022-40833 cpe:2.3:a:codeigniter:codeigniter:3.0:rc
cpe:2.3:a:codeigniter:codeigniter:3.0:rc3
cpe:2.3:a:codeigniter:codeigni…
3.0 3.1.13 2024-11-21 16:22
2022-10-7
9 9.8
-
CRITICAL
Network
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php having() function. Note: Multiple third parties have disputed this as not a v… CWE-89
SQL Injection
CVE-2022-40832 cpe:2.3:a:codeigniter:codeigniter:3.0:rc
cpe:2.3:a:codeigniter:codeigniter:3.0:rc3
cpe:2.3:a:codeigniter:codeigni…
3.0 3.1.13 2024-11-21 16:22
2022-10-7
10 9.8
-
CRITICAL
Network
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() function. Note: Multiple third parties have disputed this as not a val… CWE-89
SQL Injection
CVE-2022-40831 cpe:2.3:a:codeigniter:codeigniter:3.0:rc
cpe:2.3:a:codeigniter:codeigniter:3.0:rc3
cpe:2.3:a:codeigniter:codeigni…
3.0 3.1.13 2024-11-21 16:22
2022-10-7