PT-2022-27784 · Unknown · Codeigniter

Mgatner +1 · Published 2022-12-22 · Updated 2024-03-06 · CVE-2022-46170

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

CodeIgniter versions prior to 4.2.11

Description

The issue arises when an application uses multiple session cookies and the session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler. If an attacker obtains one session cookie, they may be able to access pages that require another session cookie.

Recommendations

For versions prior to 4.2.11, upgrade to version 4.2.11 or later. As a temporary workaround, consider using only one session cookie until the issue is resolved.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BIT-CODEIGNITER-2022-46170
CVE-2022-46170
GHSA-6CQ5-8CJ7-G558

Affected Products

Codeigniter