SB2023102738 - Information Exposure Through an Error Message in CodeIgniter4
Published: October 27, 2023 Updated: May 23, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Information Exposure Through an Error Message (CVE-ID: CVE-2023-46240)
CWE-ID: CWE-209 - Information Exposure Through an Error Message
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to generation of error message containing sensitive information in error reporting when an error or exception occurs in the production environment. A remote attacker can trigger an error condition to disclose sensitive information.
Remediation
Install update from vendor's website.