Known Vulnerabilities
CVE-2024-41344
A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges.
HIGH
CVSS 7.5
Published Oct 15, 2024
CVE-2022-40829
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CRITICAL
CVSS 9.8
Published Oct 07, 2022
CVE-2022-40830
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CRITICAL
CVSS 9.8
Published Oct 07, 2022