Derek Jones

**Name of the Vulnerable Software and Affected Versions** CodeIgniter versions prior to 3.1.3 **Description** The issue allows remote attackers to execute arbitrary code. This is achieved by leveraging control over the `email->from` field to insert sendmail command-line arguments in the `system/libraries/Email.php` file. **Recommendations** For versions prior to 3.1.3, update to version 3.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `email->from` field to minimize the risk of exploitation.