Vulnerability Description
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codeigniter | Codeigniter | < 4.3.5 |
Related Weaknesses (CWE)
References
- https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md (Release Notes)
- https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-m6m8-6gq8- (Mitigation, Vendor Advisory)
FAQ
What is CVE-2023-32692?
CVE-2023-32692 is a vulnerability with a CVSS score of 9.8 (CRITICAL). CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, a...
How severe is CVE-2023-32692?
CVE-2023-32692 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-32692?
Check the references section above for vendor advisories and patch information. Affected products include: Codeigniter Codeigniter.