CVE-2026-27599 in ci4msinfo

Zusammenfassung (Englisch)

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Mail Settings. Several configuration fields, including Mail Server, Mail Port, Email Address, Email Password, Mail Protocol, and TLS settings, accept attacker-controlled input that is stored server-side and later rendered without proper output encoding. This issue has been patched in version 0.31.0.0.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Zuständig

GitHub_M

Reservieren

20.02.2026

Veröffentlichung

31.03.2026

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

IDSchwachstelleCWEAusMasCVE
354286ci4-cms-erp ci4ms Mail Protocol Cross Site Scripting79Nicht definiertOffizieller FixCVE-2026-27599

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

ZurückÜbersichtWeiter

Want to stay up to date on a daily basis?

Enable the mail alert feature now!