News Feed
Jobs Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Secunia.com:
CodeIgniter Weakness and Directory Traversal Vulnerability
July 11, 2007 @ 11:07:00

On the Secunia.com site today, there's a new vulnerability posted that users of the CodeIgniter framework should pay attention to - a "weakness and directory traversal vulnerability".

Lukasz Pilorz has reported a vulnerability and a weakness in CodeIgniter, which can be exploited by malicious people to disclose sensitive information and conduct cross-site scripting and header injection attacks.

There are two problems that lead to this issue - a non-sanitized input parameter and unsanitized data being passed to the xss_clean function. These issues affect CodeIgniter version 1.5.3 and, as of the time of this post, no update has been made in an official release. It is mentioned, however, that the problem has been fixed in the CVS and is waiting for a release.

0 comments voice your opinion now!
codeigniter weakness directory traversal vulnerability framework codeigniter weakness directory traversal vulnerability framework


blog comments powered by Disqus

Similar Posts

Davey Shafik's Blog: Sneak Peek: Zend_Service_Server - name and framework subject to change

Sanisoft Blog: Email component in CakePHP is now Header Injection safe

Tiger Heron Blog: First steps with PHP - booting a script, Part 2

CodeIgniter.com: Amazing Progress Report & Addition of IRC to CodeIgniter.com

Fabien Potencier's Blog: PHP Serialization, Stack Traces, and Exceptions


Community Events











Don't see your event here?
Let us know!


composer language opinion overview hack package security release install podcast performance component database unittest facebook application hhvm symfony2 introduction framework

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework