Loading HuntDB...

GHSA-xjp4-6w75-qrj7

GitHub Security Advisory

Remote CLI Command Execution Vulnerability in CodeIgniter4

✓ GitHub Reviewed CRITICAL Has CVE

Advisory Details

### Impact
This vulnerability allows attackers to execute CLI routes via HTTP request.

### Patches
Upgrade to v4.1.9 or later.

### Workarounds
None.

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [codeigniter4/CodeIgniter4](https://github.com/codeigniter4/CodeIgniter4/issues)
* Email us at [SECURITY.md](https://github.com/codeigniter4/CodeIgniter4/blob/develop/SECURITY.md)

Affected Packages

Packagist codeigniter4/framework
Affected versions: 0 (fixed in 4.1.9)

Related CVEs

Key Information

GHSA ID
GHSA-xjp4-6w75-qrj7
Published
March 1, 2022 9:44 PM
Last Modified
March 1, 2022 9:44 PM
CVSS Score
9.0 /10
Primary Ecosystem
Packagist
Primary Package
codeigniter4/framework
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.