CVE-2016-10131

Published January 12th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.

bcit-ci/CodeIgniter

Open Source PHP Framework (originally from EllisLab)

GitHub

18.2K