Software Detail
Codeigniter: Number Of NVD 37 (CRITICAL 21, HIGH 6, MEDIUM 8, LOW 1)
URL https://www.codeigniter.com/
Explanation: CodeIgniter is a free, open-source MVC web framework for rapid PHP development. It is one of the oldest and most widely used PHP frameworks, and since version 3 it has been licensed under the MIT license, which solves the licensing problem.
Tag
  • MIT License
  • PHP

Add Information URL
No Type Name URL
1 https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md
2 https://www.codeigniter.com/userguide3/changelog.html

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low
31 CodeIgniter 4 4.7.2 March 24, 2026 Feb. 24, 2020 4 5 2 0
32 CodeIgniter 3 3.1.13 March 4, 2022 March 30, 2015 15 4 0 0
33 CodeIgniter 2 2.2.5 Oct. 31, 2015 6 3 2 0
34 CodeIgniter 1 1.7.2 Jan. 1, 2000 6 3 6 1
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
No 31: CVE-2014-8684
  Level: CRITICAL (CVSS3 9.8, CVSS2 7.5), Attack Vector: Network
  Title: CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by lever…
  CWE: CWE-310 Cryptographic Issues
  cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:*:* 2.2.6
  Update date: 2024-11-21 11:19
  Published date: 2017-09-20
No 32: CVE-2016-10131
  Level: CRITICAL (CVSS3 9.8, CVSS2 7.5), Attack Vector: Network
  Title: system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.
  CWE: CWE-74 Injection
  cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:*:* 3.1.2
  Update date: 2024-11-21 11:43
  Published date: 2017-01-12
No 33: CVE-2011-3719
  Level: MEDIUM (CVSS3 -, CVSS2 5.0)
  Title: CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaff…
  CWE: CWE-200 Information Exposure
  cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:1.7.2:*
  Update date: 2024-11-21 10:31
  Published date: 2011-09-24
No 34: CVE-2007-3706
  Level: LOW (CVSS3 -, CVSS2 2.1)
  Title: The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie.
  CWE: NVD-CWE-Other
  cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:1.5.3:*
  Update date: 2026-04-23 09:35
  Published date: 2007-07-12
No 35: CVE-2007-3707
  Level: MEDIUM (CVSS3 -, CVSS2 5.0)
  Title: Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows remote attackers to read arbitrary files via a .. (dot dot) in the c par…
  CWE: NVD-CWE-Other
  cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:1.5.3:*
  Update date: 2026-04-23 09:35
  Published date: 2007-07-12
No 36: CVE-2007-3708
  Level: MEDIUM (CVSS3 -, CVSS2 4.3)
  Title: Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag m…
  CWE: NVD-CWE-Other
  cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:1.5.3:*
  Update date: 2026-04-23 09:35
  Published date: 2007-07-12
No 37: CVE-2007-3709
  Level: MEDIUM (CVSS3 -, CVSS2 5.0)
  Title: CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, a…
  CWE: NVD-CWE-Other
  cpe23Uri: cpe:2.3:a:codeigniter:codeigniter:1.5.3:*
  Update date: 2026-04-23 09:35
  Published date: 2007-07-12