CVE Daily

CVE-2024-41344

A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to ar...

High CVSS 7.5

Overview

A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges.

CWE: CWE-352 Published: 2024-10-15T19:15:17.287
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: csrf (tag impact: MODERATE)

Recommended actions:

  • CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.

Recommended tools

Tags