Home > Vulnerability Database > CVE-2023-32692

Mend.io Vulnerability Database

CVE-2023-32692

Date: May 29, 2023

CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5. Converted from WS-2023-0145, on 2023-05-30.

Language: PHP

Severity Score

9.8

Related Resources (7)

Url: https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md

Url: https://github.com/codeigniter4/CodeIgniter4

Url: https://github.com/codeigniter4/CodeIgniter4/commit/6af677177fa1d9ad62f7a793bc96cba3068632ba

Url: https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md#v435-2023-05-21

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-32692

Url: https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-m6m8-6gq8-c9fj

Url: https://www.mend.io/vulnerability-database/CVE-2023-32692

Severity Score

9.8

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-32692

Date: May 29, 2023

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?