CVE Tools

Home/Vulnerability/CVE-2023-32692

CVE-2023-32692

Remote Code Execution Vulnerability in Validation Placeholders

Published: May 30, 2023Updated: Nov 21, 2024 Sources: CVE List NVD GHSA

9.8CVSS

CRITICAL

CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5.

EPSS Score

2.0%

Top 16.1%

CISA KEV

Not in KEV

Exploits

No Known Exploits

Remediation

Patch Available

CVSS Vector Breakdown

Exploitability

AV:NAttack Vector

Network

AC:LAttack Complexity

Low

PR:NPrivileges Required

None

UI:NUser Interaction

None

Scope

S:UScope

Unchanged

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Weaknesses

Affected Products

CodeIgniter4

codeigniter4

OSS Libraries / web-framework

codeigniter4/framework

Packagist

OSS Libraries / packagist

codeigniter

codeigniter

OSS Libraries / web-framework

codeigniter4oss-projectOSS Librariesaka codeigniter 4, ci4

packagistpackage-ecosystemOSS Libraries

codeigniteross-projectOSS Librariesaka codeigniter, ci

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

Official Patch Available

Workaround Available

MITRE ATT&CK

2 techniques

Execution

Initial Access

View detailed technique mapping

References

https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-m6m8-6gq8-c9fj

https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md

https://nvd.nist.gov/vuln/detail/CVE-2023-32692

and 3 more references View all →

Timeline

Published

May 30, 2023

Last Updated

Nov 21, 2024

News mentions

1

CodeIgniter Vulnerability Enables Arbitrary Code Execution (CVSS 9.8)
en-us·Daily CyberSecurity (securityonline.info)· Summary only·Jun 15, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2023-32692 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows