CVE-2022-40834 SQL Injection Vulnerability
#1

Hello, I am wondering if the following CVE ever got patched: CVE-2022-40834. It says v3.1.13 is affected, which seems to be the current version?
https://www.cvedetails.com/cve/CVE-2022-40835/
https://web.archive.org/web/202210071601.../README.md
There are also a number of other CVEs for v3.1.13:
https://www.cvedetails.com/vulnerability...niter.html
Is CI3 still receiving security updates or are all these CVEs still exploitable?
#2

(This post was last modified: 04-25-2024, 04:22 AM by kenjis.)

(04-25-2024, 02:47 AM)reactionstudio Wrote: Is CI3 still receiving security updates or are all these CVEs still exploitable?

I don't know. But it is not well-maintained.

If you think the SQL injection attack vectors in web.archive.org are vulnerabilities in the framework,
I believe they are still exploitable.
FYI, the maintainer did not think these were vulnerabilities in the framework, but vulnerabilities in the application code, if I recall correctly.