Cross-site request forgery in CodeIgniter4 - CVE-2022-24712
Published: February 26, 2022 / Updated: May 23, 2026
CodeIgniter4
Detailed vulnerability description
The vulnerability allows a remote user to bypass cross-site request forgery protection.
The vulnerability exists due to cross-site request forgery protection bypass in the csrf protection mechanism when handling crafted cross-site requests. A remote user can induce the victim's browser to send a crafted request to bypass cross-site request forgery protection.
User interaction is required.