CVE-2026-41201 in ci4ms情報

要約

〜によって MITRE • 2026年05月07日

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated via a sql file that tampers with the file name field to contain hidden XSS payload. This issue has been patched in version 0.31.5.0.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

GitHub M

予約する

2026年04月18日

公開

2026年05月07日

モデレーション

承諾済み

エントリ

VDB-361789

CPE

準備完了

CWE

CWE-79 (確認済み)

CVSS

9.1 (CNA)

EPSS

0.00057

KEV

いいえ

アクティビティ

非常低い

セクター

Lawfirm, Hostingprovider, ...

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-41201
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-41201
CVE Details	https://www.cvedetails.com/cve/CVE-2026-41201/

◂ 前概要次 ▸

Do you know our Splunk app?

Download it now for free!