CVE-2018-12071
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
CodeIgniter Session Fixation Vulnerability
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | codeigniter/framework | <3.1.10 | 3.1.10 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2018-12071
- https://github.com/bcit-ci/CodeIgniter/issues/5958
- https://github.com/bcit-ci/CodeIgniter/commit/800a20d6c4662d99ae0988b2f8f2238bb8bb29db
- https://github.com/bcit-ci/CodeIgniter/commit/a9da3dd2f16a8f97d7bc4ff5572b28e4bb84c813#diff-32788a4d3748e8818044886ab43241179c7f5f5b82e979e73146669ca6e2da1cR306
- https://github.com/bcit-ci/CodeIgniter
- https://web.archive.org/web/20181115214804/https://www.codeigniter.com/user_guide/changelog.html#version-3-1-9
- https://www.codeigniter.com/user_guide/changelog.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.