Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14anA0LTZ3NzUtcXJqN80vgQ
Remote CLI Command Execution Vulnerability in CodeIgniter4
Impact
This vulnerability allows attackers to execute CLI routes via HTTP request.
Patches
Upgrade to v4.1.9 or later.
Workarounds
None.
For more information
If you have any questions or comments about this advisory:
- Open an issue in codeigniter4/CodeIgniter4
- Email us at SECURITY.md
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14anA0LTZ3NzUtcXJqN80vgQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: 10 months ago
CVSS Score: 9.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Identifiers: GHSA-xjp4-6w75-qrj7, CVE-2022-24711
References:
- https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-xjp4-6w75-qrj7
- https://nvd.nist.gov/vuln/detail/CVE-2022-24711
- https://github.com/codeigniter4/CodeIgniter4/commit/202f41ad522ba1d414b9d9c35aba1cb0c156b781
- https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-24711.yaml
- https://github.com/advisories/GHSA-xjp4-6w75-qrj7
Blast Radius: 31.3
Affected Packages
packagist:codeigniter4/framework
Dependent packages: 257Dependent repositories: 2,160
Downloads: 2,363,629 total
Affected Version Ranges: < 4.1.9
Fixed in: 4.1.9
All affected versions: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8
All unaffected versions: 4.1.9, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.10, 4.2.11, 4.2.12, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5