VDB
KO
CRITICAL 9.8

GHSA-2pcj-76hj-xqhm

CodeIgniter arbitrary code execution

Details

system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist / bcit-ci/codeigniter
Introduced in: 0 Fixed in: 3.1.3
Fix composer require bcit-ci/codeigniter:^3.1.3

References