Remote CLI Command Execution Vulnerability in CodeIgniter4 · CVE-2022-24711 · GitHub Advisory Database · GitHub

Remote CLI Command Execution Vulnerability in CodeIgniter4

Critical severity GitHub Reviewed Published Feb 26, 2022 in codeigniter4/CodeIgniter4 • Updated Jan 24, 2024

Package

codeigniter4/framework (Composer)

Affected versions

< 4.1.9

Patched versions

4.1.9

Description

Impact

This vulnerability allows attackers to execute CLI routes via HTTP request.

Patches

Upgrade to v4.1.9 or later.

Workarounds

None.

For more information

If you have any questions or comments about this advisory:

Open an issue in codeigniter4/CodeIgniter4
Email us at SECURITY.md

References

MGatner published to codeigniter4/CodeIgniter4

Feb 26, 2022

Published by the National Vulnerability Database

Feb 28, 2022

Published to the GitHub Advisory Database Mar 1, 2022

Reviewed Mar 1, 2022

Last updated Jan 24, 2024

Severity

Critical

9.4

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H