BIT-codeigniter-2020-10793

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/codeigniter/BIT-codeigniter-2020-10793.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-codeigniter-2020-10793
Aliases
Published
2024-03-06T10:54:48.688Z
Modified
2024-04-24T18:11:46.181166Z
Summary
[none]
Details

CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown website built with the CodeIgniter framework but that CodeIgniter is not responsible for introducing this issue because the framework has never provided a login screen, nor any kind of login or user management facilities beyond a Session library. Also, another reporter indicates the issue is with a custom module/plugin to CodeIgniter, not CodeIgniter itself.

Database specific
{
    "cpes": [
        "cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / codeigniter

Package

Name
codeigniter
Purl
pkg:bitnami/codeigniter

Severity

  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.0