CVE-2022-46170
First published: Thu Dec 22 2022(Updated: )
CVE-2022-46170: Potential Session Handlers Vulnerability
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/codeigniter4/framework | <4.2.11 | |
| Codeigniter Codeigniter | >=4.0.0<4.2.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-46170?
CVE-2022-46170 is a potential session handlers vulnerability in CodeIgniter, a PHP full-stack web framework, that can be exploited when an application uses multiple session cookies and a session handler set to 'DatabaseHandler', 'MemcachedHandler', or 'RedisHandler'.
What is the severity of CVE-2022-46170?
The severity of CVE-2022-46170 is critical with a base score of 9.8.
How does CVE-2022-46170 affect CodeIgniter?
CVE-2022-46170 affects CodeIgniter versions up to (excluding) 4.2.11 and Codeigniter Codeigniter versions between 4.0.0 and 4.2.11.
How can an attacker exploit CVE-2022-46170?
An attacker can exploit CVE-2022-46170 by obtaining one of the session cookies and using it to gain unauthorized access.
Is there a fix for CVE-2022-46170?
Yes, the fix for CVE-2022-46170 is available in the latest version of CodeIgniter. It is recommended to upgrade to the latest version to mitigate the vulnerability.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/friends-of-php
- collector/nvd-index
- package-manager/composer
- vendor/codeigniter
- canonical/codeigniter codeigniter
- version/codeigniter codeigniter/4.0.0