GHSA-2pcj-76hj-xqhmCriticalCVSS 9.8

CodeIgniter arbitrary code execution

Published
May 17, 2022
Last Modified
July 6, 2026

🔗 CVE IDs covered (1)

📋 Description

system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.

🎯 Affected products1

  • composer/bcit-ci/codeigniter:< 3.1.3

🔗 References (7)