GHSA-xjp4-6w75-qrj7
GitHub Security Advisory
Remote CLI Command Execution Vulnerability in CodeIgniter4
✓ GitHub Reviewed
CRITICAL
Has CVE
Advisory Details
### Impact
This vulnerability allows attackers to execute CLI routes via HTTP request.
### Patches
Upgrade to v4.1.9 or later.
### Workarounds
None.
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [codeigniter4/CodeIgniter4](https://github.com/codeigniter4/CodeIgniter4/issues)
* Email us at [SECURITY.md](https://github.com/codeigniter4/CodeIgniter4/blob/develop/SECURITY.md)
Affected Packages
Packagist
codeigniter4/framework
Affected versions:
0
(fixed in 4.1.9)
Related CVEs
Key Information
9.0
/10
Dataset
Last updated: July 12, 2025 6:29 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.