cvedb.io
CVE-2022-24711
CRITICAL · CVSS 9.4
EPSS exploitation probability: 0%
Published 2022-02-28T16:15:07.970 · Last modified 2026-06-17T04:32:20.870

Summary

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability.

Affected products

codeigniter — codeigniter

Does this affect you?

Add your gear to cvedb and we'll alert you only when codeigniter ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.