PT-2023-29924 · Unknown · Codeigniter4

Psuet

·

Publicado

2023-10-30

·

Atualizado

2024-03-06

·

CVE-2023-46240

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions CodeIgniter4 versions prior to 4.4.3
Description CodeIgniter is a PHP full-stack web framework. If an error or exception occurs, a detailed error report is displayed even if in the production environment, potentially leaking confidential information.
Recommendations For versions prior to 4.4.3, upgrade to version 4.4.3 or later. As a temporary workaround for versions prior to 4.4.3, replace ini set('display errors','0') with ini set('display errors','Off') in app/Config/Boot/production.php.

Exploit

Correção

Generation of Error Message Containing Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-209

Identificadores relacionados

BIT-CODEIGNITER-2023-46240
CVE-2023-46240
GHSA-HWXF-QXJ7-7RFJ

Produtos afetados

Codeigniter4