ci4-cms-erp/ci4ms
Packagist | 31 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ci4-cms-erp/ci4ms (page 1 of 1)
- CVE-2026-27599 | MEDIUM | CVSS 4.7 | EG 4.7 | ✓ Fixed in 0.31.0.0 | 2026-03-30
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input withi…
- CVE-2026-34557 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.31.0.0 | 2026-03-30
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input withi…
- CVE-2026-34558 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.31.0.0 | 2026-03-30
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input withi…
- CVE-2026-34559 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.31.0.0 | 2026-04-01
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when …
- CVE-2026-34560 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.31.0.0 | 2026-04-01
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs…
- CVE-2026-34561 | MEDIUM | CVSS 4.7 | EG 4.7 | ✓ Fixed in 0.31.0.0 | 2026-04-01
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input withi…
- CVE-2026-34562 | MEDIUM | CVSS 4.7 | EG 4.7 | ✓ Fixed in 0.31.0.0 | 2026-04-01
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input withi…
- CVE-2026-34563 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.31.0.0 | 2026-04-01
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when …
- CVE-2026-34564 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.31.0.0 | 2026-04-01
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when …
- CVE-2026-34565 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.31.0.0 | 2026-04-01
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when …
- CVE-2026-34566 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.31.0.0 | 2026-04-01
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input withi…
- CVE-2026-34567 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.31.0.0 | 2026-04-01
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when …
- CVE-2026-34568 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.31.0.0 | 2026-04-01
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when …
- CVE-2026-34569 | CRITICAL | CVSS 9.9 | EG 9.9 | ✓ Fixed in 0.31.0.0 | 2026-04-01
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when …
- CVE-2026-34570 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 0.31.0.0 | 2026-04-01
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when …
- CVE-2026-34571 | CRITICAL | CVSS 9.9 | EG 9.9 | ✓ Fixed in 0.31.0.0 | 2026-04-01
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting (Stored XSS) vulnerability exists in the…
- CVE-2026-34572 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 0.31.0.0 | 2026-04-01
vulnerable: 0.21.0 ... 0.28.6.0 (47 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when …
- CVE-2026-34989 | CRITICAL | CVSS 9.0 | EG 9.0 | ✓ Fixed in 31.0.0.0 | 2026-04-06
vulnerable: 0.21.0 ... 0.31.8.0 (56 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users up…
- CVE-2026-35035 | HIGH | CVSS 7.2 | EG 7.2 | ✓ Fixed in 0.31.2.0 | 2026-04-06
vulnerable: 0.21.0 ... 0.31.1.0 (49 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System…
- CVE-2026-39389 | MEDIUM | CVSS 6.7 | EG 6.7 | ✓ Fixed in 0.31.4.0 | 2026-04-08
vulnerable: 0.21.0 ... 0.31.3.0 (51 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, This vulnerability is fixed in 0.31.4.0.
- CVE-2026-39390 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 0.31.4.0 | 2026-04-08
vulnerable: 0.21.0 ... 0.31.3.0 (51 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Google Maps iframe setting (cMap field) in compInfosPost() sanitizes input…
- CVE-2026-39391 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 0.31.4.0 | 2026-04-08
vulnerable: 0.21.0 ... 0.31.3.0 (51 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the blacklist (ban) note parameter in UserController::ajax_blackList_post() is…
- CVE-2026-39392 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 0.31.4.0 | 2026-04-08
vulnerable: 0.21.0 ... 0.31.3.0 (51 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the html_purify validation rule to content fie…
- CVE-2026-39393 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 0.31.4.0 | 2026-04-08
vulnerable: 0.21.0 ... 0.31.3.0 (51 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check (cach…
- CVE-2026-39394 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 0.31.4.0 | 2026-04-08
vulnerable: 0.21.0 ... 0.31.3.0 (51 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index() controller reads the host POST parameter without any vali…
- CVE-2026-41201 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.31.5.0 | 2026-05-07
vulnerable: 0.21.0 ... 0.31.4.0 (52 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Sto…
- CVE-2026-41202 | CRITICAL | CVSS 9.4 | EG 9.4 | ✓ Fixed in 0.31.5.0 | 2026-05-07
vulnerable: 0.21.0 ... 0.31.4.0 (52 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without vali…
- CVE-2026-41203 | CRITICAL | CVSS 9.4 | EG 9.4 | ✓ Fixed in 0.31.5.0 | 2026-05-07
vulnerable: 0.21.0 ... 0.31.4.0 (52 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without valida…
- CVE-2026-41587 | HIGH | CVSS 8.6 | EG 8.6 | ✓ Fixed in 0.31.7.0 | 2026-05-07
vulnerable: 0.26.0.0 ... 0.31.6.0 (21 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated…
- CVE-2026-41890 | MEDIUM | CVSS 6.9 | EG 6.9 | ✓ Fixed in 0.31.8.0 | 2026-05-07
vulnerable: 0.31.1.0 ... 0.31.7.0 (7 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess() action accepts a POST param…
- CVE-2026-41891 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 0.31.8.0 | 2026-05-07
vulnerable: 0.26.0.0 ... 0.31.7.0 (22 versions)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user c…