Skip to content

Remote CLI Command Execution Vulnerability in CodeIgniter4

Critical
MGatner published GHSA-xjp4-6w75-qrj7 Feb 26, 2022

Package

composer codeigniter4/framework (Composer)

Affected versions

< 4.1.9

Patched versions

4.1.9

Description

Impact

This vulnerability allows attackers to execute CLI routes via HTTP request.

Patches

Upgrade to v4.1.9 or later.

Workarounds

None.

For more information

If you have any questions or comments about this advisory:

Severity

Critical
9.4
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CVE ID

CVE-2022-24711

Weaknesses

Credits