Home > Vulnerability Database > CVE-2022-46170

Mend.io Vulnerability Database

CVE-2022-46170

Date: December 22, 2022

CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to "DatabaseHandler", "MemcachedHandler", or "RedisHandler", then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages that require another session cookie (e.g., for admin pages). This issue has been patched, please upgrade to version 4.2.11 or later. As a workaround, use only one session cookie.

Language: PHP

Severity Score

8.6

Related Resources (7)

Url: https://codeigniter4.github.io/userguide/libraries/sessions.html#session-drivers

Url: https://github.com/codeigniter4/CodeIgniter4

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-46170

Url: https://github.com/codeigniter4/CodeIgniter4/commit/f9fb6574fbeb5a4aa63f7ea87296523e10db9328

Url: https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-6cq5-8cj7-g558

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-46170.yaml

Url: https://www.mend.io/vulnerability-database/CVE-2022-46170

Severity Score

8.6

Weakness Type (CWE)

Improper Authentication

CWE-287

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2022-46170

Date: December 22, 2022

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?