Software Detail
Name: CodeIgniter
Number of NVD entries: 37 (CRITICAL 21, HIGH 6, MEDIUM 8, LOW 1)
URL: https://www.codeigniter.com/
Explanation: CodeIgniter is a free and open-source MVC web framework for rapid PHP development. It is one of the oldest and most widely used PHP frameworks, and since version 3 it has been licensed under the MIT license, which solves the licensing problem.
Tag
  • MIT License
  • PHP

Add Information URL
No Type Name URL
1 https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md
2 https://www.codeigniter.com/userguide3/changelog.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
11 CodeIgniter 4 4.7.2 March 24, 2026 Feb. 24, 2020 4 5 2 0
12 CodeIgniter 3 3.1.13 March 4, 2022 March 30, 2015 15 4 0 0
13 CodeIgniter 2 2.2.5 Oct. 31, 2015 6 3 2 0
14 CodeIgniter 1 1.7.2 Jan. 1, 2000 6 3 6 1
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date

No: 11
CVSS3: 9.8
CVSS2: -
Level: CRITICAL
Attack Vector: Network
Title: B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_not_in() function. Note: Multiple third parties have disputed this as n…
CWE: CWE-89 SQL Injection
CVE: CVE-2022-40830
cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:3.0:rc, cpe:2.3:a:codeigniter:codeigniter:3.0:rc3, cpe:2.3:a:codeigniter:codeigni…
Version bounds: 3.0 3.1.13
Update date: 2024-11-21 16:22
Published date: 2022-10-7

No: 12
CVSS3: 9.8
CVSS2: -
Level: CRITICAL
Attack Vector: Network
Title: B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like() function. Note: Multiple third parties have disputed this as not a …
CWE: CWE-89 SQL Injection
CVE: CVE-2022-40829
cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:3.0:rc, cpe:2.3:a:codeigniter:codeigniter:3.0:rc3, cpe:2.3:a:codeigniter:codeigni…
Version bounds: 3.0 3.1.13
Update date: 2024-11-21 16:22
Published date: 2022-10-7

No: 13
CVSS3: 9.8
CVSS2: -
Level: CRITICAL
Attack Vector: Network
Title: B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function. Note: Multiple third parties have disputed this a…
CWE: CWE-89 SQL Injection
CVE: CVE-2022-40828
cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:3.0:rc, cpe:2.3:a:codeigniter:codeigniter:3.0:rc3, cpe:2.3:a:codeigniter:codeigni…
Version bounds: 3.0 3.1.13
Update date: 2024-11-21 16:22
Published date: 2022-10-7

No: 14
CVSS3: 9.8
CVSS2: -
Level: CRITICAL
Attack Vector: Network
Title: B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. Note: Multiple third parties have disputed this as not a va…
CWE: CWE-89 SQL Injection
CVE: CVE-2022-40827
cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:3.0:rc, cpe:2.3:a:codeigniter:codeigniter:3.0:rc3, cpe:2.3:a:codeigniter:codeigni…
Version bounds: 3.0 3.1.13
Update date: 2024-11-21 16:22
Published date: 2022-10-7

No: 15
CVSS3: 9.8
CVSS2: -
Level: CRITICAL
Attack Vector: Network
Title: B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function. Note: Multiple third parties have disputed this as not …
CWE: CWE-89 SQL Injection
CVE: CVE-2022-40826
cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:3.0:rc, cpe:2.3:a:codeigniter:codeigniter:3.0:rc3, cpe:2.3:a:codeigniter:codeigni…
Version bounds: 3.0 3.1.13
Update date: 2024-11-21 16:22
Published date: 2022-10-7

No: 16
CVSS3: 9.8
CVSS2: -
Level: CRITICAL
Attack Vector: Network
Title: B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function. Note: Multiple third parties have disputed this as not a…
CWE: CWE-89 SQL Injection
CVE: CVE-2022-40825
cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:3.0:rc, cpe:2.3:a:codeigniter:codeigniter:3.0:rc3, cpe:2.3:a:codeigniter:codeigni…
Version bounds: 3.0 3.1.13
Update date: 2024-11-21 16:22
Published date: 2022-10-7

No: 17
CVSS3: 9.8
CVSS2: -
Level: CRITICAL
Attack Vector: Network
Title: B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function. Note: Multiple third parties have disputed this as not a…
CWE: CWE-89 SQL Injection
CVE: CVE-2022-40824
cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:3.0:rc, cpe:2.3:a:codeigniter:codeigniter:3.0:rc3, cpe:2.3:a:codeigniter:codeigni…
Version bounds: 3.0 3.1.13
Update date: 2024-11-21 16:22
Published date: 2022-10-7

No: 18
CVSS3: 4.3
CVSS2: -
Level: MEDIUM
Attack Vector: Network
Title: CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCooki…
CWE: CWE-732 Incorrect Permission Assignment for Critical Resource
CVE: CVE-2022-39284
cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:*:*
Version bounds: 4.0.0 4.2.7
Update date: 2024-11-21 16:17
Published date: 2022-10-7

No: 19
CVSS3: 8.8
CVSS2: -
Level: HIGH
Attack Vector: Network
Title: Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF prot…
CWE: -
CVE: CVE-2022-35943
cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:*:*
Version bounds: 4.2.3
Update date: 2024-11-21 16:12
Published date: 2022-08-13

No: 20
CVSS3: 8.8
CVSS2: 6.8
Level: HIGH
Attack Vector: Network
Title: CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Fo…
CWE: -
CVE: CVE-2022-24712
cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:*:*
Version bounds: 4.0.0 4.1.9
Update date: 2024-11-21 15:50
Published date: 2022-03-1