FreeBSD : codeigniter -- multiple vulnerabilities (71ebbc50-01c1-11e7-ae1b-002590263bf5)
High Nessus Plugin ID 97545
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe CodeIgniter changelog reports :
Fixed an XSS vulnerability in Security Library method xss_clean().
Fixed a possible file inclusion vulnerability in Loader Library method vars().
Fixed a possible remote code execution vulnerability in the Email Library when 'mail' or 'sendmail' are used (thanks to Paul Buonopane from NamePros).
Added protection against timing side-channel attacks in Security Library method csrf_verify().
Added protection against BREACH attacks targeting the CSRF token field generated by Form Helper function form_open().
SolutionUpdate the affected package.