Description
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory
https://www.codeigniter.com/user_guide/changelog.html
Scores
CVSS v3
9.8
EPSS
0.0125
EPSS Percentile
65.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-384
Status
published
Products (2)
codeigniter/codeigniter
< 3.1.9
codeigniter/framework
0 - 3.1.10Packagist
Published
Jun 17, 2018
Tracked Since
Feb 18, 2026