Information Exposure Through an Error Message in CodeIgniter4 - CVE-2023-46240

 

Published: October 27, 2023 / Updated: May 23, 2026


Vulnerability identifier: #VU132169
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-46240
CWE-ID: CWE-209
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: CodeIgniter
Affected software: CodeIgniter4

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists because error reporting generates an error message containing sensitive information when an error or exception occurs in the production environment. A remote attacker can trigger an error condition to disclose sensitive information.


How to mitigate CVE-2023-46240

Install the security update from the vendor's website.
