Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-40825
CVE-2022-40825:
CodeIgniter vulnerability analysis and mitigation
Overview
B.C. Institute of Technology CodeIgniter <=3.1.13 was reported to be vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function. However, this vulnerability (CVE-2022-40825) has been disputed by multiple third parties as not being a valid security issue (NVD, CVE Mitre).
Technical details
The vulnerability was initially reported to affect the where_in() function in the DB_query_builder.php file of CodeIgniter versions 3.1.13 and earlier. The concern was related to potential SQL injection through query fields if developers incorrectly handle client input (GitHub Issue).
Impact
If the vulnerability were valid, it could potentially allow attackers to execute arbitrary SQL commands through the where_in() function. However, since this has been disputed by multiple security experts, the actual impact is considered negligible.
Community reactions
The security community has largely disputed this vulnerability, with multiple third parties indicating that it is not a valid security issue. This consensus is reflected in the official CVE record which marks it as DISPUTED (CVE Mitre).
Additional resources
Source: This report was generated using AI
Related CodeIgniter vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management