CVE-2026-41201 in ci4msИнформация

Сводка

по MITRE • 07.05.2026

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated via a sql file that tampers with the file name field to contain hidden XSS payload. This issue has been patched in version 0.31.5.0.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

GitHub M

Резервировать

18.04.2026

Раскрытие

07.05.2026

Модерация

принято

Вход

VDB-361789

CPE

готов

CWE

CWE-79 (Подтверждённый)

CVSS

9.1 (CNA)

EPSS

0.00057

KEV

Нет

Деятельности

Очень низкий

Сектор

Hostingprovider, Agriculture, ...

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-41201
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-41201
CVE Details	https://www.cvedetails.com/cve/CVE-2026-41201/

◂ Предыдущий Обзор Далее ▸

Interested in the pricing of exploits?

See the underground prices here!