CNNVD-202507-3524 Information
CNNVD ID
CNNVD-202507-3524
Related CVE
- CNNVD Published: 2025-07-28
Description (Chinese)
CodeIgniter是Codeigniter开源的一个轻量级、快速、灵活和安全的 PHP 全栈 Web 框架。 CodeIgniter 4.6.2之前版本存在操作系统命令注入漏洞,该漏洞源于ImageMagick处理用户控制文件名或文本时存在命令注入。
Description (English)
CodeIgniter is a lightweight, fast, flexible and secure PHP all-house Web framework for Codeigniter open source. Before CodeIgniter 4.6.2, there was an operational system command-injection loophole, which originated from the existence of a command-injection when ImageMagick processed a user-controlled file name or text.
Hazard Level
Low
Vulnerability Type
操作系统命令注入
Affected Vendor
Codeigniter
Published
2025-07-28
Last Modified
2026-02-24
References
https://owasp.org/www-community/attacks/Command_Injection https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-9952-gv64-x94c https://cwe.mitre.org/data/definitions/78.html https://github.com/codeigniter4/CodeIgniter4/commit/e18120bff1da691e1d15ffc1bf553ae7411762c0 https://access.redhat.com/security/cve/cve-2025-54418
Patch
https://github.com/codeigniter4/CodeIgniter4/releases
Share on: