NVD Vulnerability Detail
Search Exploit, PoC
CVE-2026-34561
Summary

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Social Media Management. Multiple configuration fields, including Social Media and Social Media Link, accept attacker-controlled input that is stored server-side and later rendered without proper output encoding. This issue has been patched in version 0.31.0.0.

Publication Date April 2, 2026, 7:16 a.m.
Registration Date April 15, 2026, 11:23 a.m.
Last Update April 14, 2026, 2:56 a.m.
CVSS3.1 : HIGH
スコア 8.4
Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
攻撃元区分(AV) ネットワーク
攻撃条件の複雑さ(AC)
攻撃に必要な特権レベル(PR)
利用者の関与(UI)
影響の想定範囲(S) 変更あり
機密性への影響(C)
完全性への影響(I)
可用性への影響(A)
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:a:ci4-cms-erp:ci4ms:*:*:*:*:*:*:*:* 0.31.0.0
Related information, measures and tools
Common Vulnerabilities List