Server Overload Risk Vulnerability Fixes
We've identified and patched a vulnerability in the "Server Overload Risk Fixes" of CodeIgniter 2.6 that could potentially lead to Denial of Service (DoS) attacks. This vulnerability allows an attacker to consume a large amount of memory on the server.
Vulnerability Details:
We've developed a fix for this vulnerability that involves modifying two core files: Router.php and URI.php. The fix ensures that regular expressions used in routing and URI validation are properly anchored to prevent malicious exploitation.

Patch:

Code:
diff --git a/system/core/Router.php b/system/core/Router.php

Thank you for your attention to this matter and your continued support of CodeIgniter.

Best regards.
It seems you just changed "^...$" to "\A...\z" and added `u` option.
Could you elaborate about the DoS attacks?
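The anchoring change this reply describes, as an added PHP example that is not part of the thread or of the posted patch: it runs the same character-class check with `^...$` and with `\A...\z` plus the `u` modifier, and shows where the two disagree. The `PERMITTED` class, the `check()` helper and the sample inputs are constructed for illustration.

```php
<?php
// Added illustration; not the thread's patch and not CodeIgniter's own code.
// PERMITTED is a constructed character class for a URI segment (assumption).
const PERMITTED = 'a-z0-9~%.:_\-';

// Run one pattern against one subject and describe the outcome.
function check(string $pattern, string $subject): string
{
    $r = preg_match($pattern, $subject);
    if ($r === false) {
        // With /u, PCRE refuses subjects that are not valid UTF-8.
        return preg_last_error() === PREG_BAD_UTF8_ERROR
            ? 'error: bad UTF-8'
            : 'error';
    }
    return $r === 1 ? 'match' : 'no match';
}

// ^...$ : without the D modifier, $ also matches just before a final "\n".
$loose  = '/^[' . PERMITTED . ']+$/i';
// \A...\z : absolute start and absolute end of the subject, UTF-8 checked.
$strict = '/\A[' . PERMITTED . ']+\z/iu';

// Constructed sample inputs.
$samples = [
    'plain segment'      => 'news',
    'trailing newline'   => "news\n",
    'embedded newline'   => "news\nadmin",
    'invalid UTF-8 byte' => "news\xFF",
];

foreach ($samples as $label => $subject) {
    printf(
        "%-20s ^...\$ => %-10s \\A...\\z/u => %s\n",
        $label,
        check($loose, $subject),
        check($strict, $subject)
    );
}
```

The two patterns disagree on the trailing-newline input, and only the `u` pattern reports the invalid byte as an error rather than a plain non-match, so callers of the stricter form should treat a `false` return from `preg_match` as a rejection.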
How do you expect us to believe you are concerned about vulnerabilities when you run code that is so outdated & vulnerable? Why spend time painting the walls while the house is burning??
You are probably running a very vulnerable PHP version too. I doubt CI 2.6 will run on PHP 8.2 or 8.3. The fix is to upgrade to CI4 & PHP 8.