Input validation error in CodeIgniter4 - CVE-2023-32692
Published: May 21, 2023 / Updated: May 23, 2026
CodeIgniter4
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in the Validation library when processing validation placeholders. A remote attacker can supply crafted placeholder input to execute arbitrary code.
Validation methods in controllers and in-model validation are also affected because they use the Validation library internally.