CNNVD-202507-3327 Information
CNNVD ID
CNNVD-202507-3327
Related CVE
- CNNVD Published: 2025-07-25
Description (Chinese)
CodeIgniter 4是CodeIgniter开源的一个PHP全栈Web框架。 CodeIgniter 4 4.6.0版本存在安全漏洞,该漏洞源于debugbar_time参数清理不当,可能导致存储型跨站脚本。
Description (English)
CodeIgniter 4 is a PHP-wide Web framework for the CodeIgniter open source. There is a security loophole in CodeIgniter version 4.6.0, which stems from the inappropriate clean-up of debugbar time parameters, which may lead to storage-type cross-site scripts.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Codeigniter
Published
2025-07-25
Last Modified
2026-02-24
References
https://medium.com/@talktoshweta0/when-debugging-bites-back-exposing-a-persistent-xss-in-codeigniter4-c9caf804a190 https://nvd.nist.gov/vuln/detail/CVE-2020-15943 https://github.com/advisories/GHSA-7h5r-54mm-w4pq https://www.exploit-db.com/exploits/50556 https://access.redhat.com/security/cve/cve-2025-45406
Patch
https://codeigniter.com/download
Share on: