CVE-2020-10793

Published: Mar 23, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown website built with the CodeIgniter framework but that CodeIgniter is not responsible for introducing this issue because the framework has never provided a login screen, nor any kind of login or user management facilities beyond a Session library. Also, another reporter indicates the issue is with a custom module/plugin to CodeIgniter, not CodeIgniter itself.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://medium.com/%40vbharad/account-takeover-via-modifying-email-id-codeigniter-framework-ca30741ad297

x_refsource_MISC

https://codeigniter4.github.io/userguide/extending/authentication.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-10793

Description

Affected Products

References