PT-2023-23966 · Unknown · Codeigniter

Kenjis · Published 2023-05-22 · Updated 2024-03-06 · CVE-2023-32692

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CodeIgniter versions prior to 4.3.5

Description

This issue allows attackers to execute arbitrary code in applications that use Validation Placeholders. The vulnerability exists in the Validation library; the validation methods in the controller and in-model validation are also affected because they use the Validation library internally.

Recommendations

For versions prior to 4.3.5, upgrade to version 4.3.5 or later. As a temporary workaround, consider setting validation rules with an array to minimize the risk of exploitation. For example: $validation->setRules(['email' => ['required', 'valid_email', 'is_unique[users.email,id,{id}]']]);

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BIT-CODEIGNITER-2023-32692
CVE-2023-32692
GHSA-M6M8-6GQ8-C9FJ

Affected Products

Codeigniter