← back
CVE-2014-8686

CVE-2014-8686

EPSS 37.2%
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/36264unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.htmlhttps://beyondbinary.io/articles/seagate-nas-rce/https://codeigniter.com/userguide2/changelog.htmlhttps://www.dionach.com/blog/codeigniter-session-decoding-vulnerability