Information Exposure Through an Error Message in CodeIgniter4 - CVE-2023-46240
Published: October 27, 2023 / Updated: May 23, 2026
CodeIgniter4
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to generation of error message containing sensitive information in error reporting when an error or exception occurs in the production environment. A remote attacker can trigger an error condition to disclose sensitive information.