Codeigniter

A vulnerability in hemant6488 CodeIgniter-StudentManagementSystem allows remote attackers to perform improper access controls by manipulating the /index.php/students/addStudentView file, with a publicly available exploit and no vendor response.

A critical vulnerability exists in ci4ms Theme::upload, where improper validation of ZIP archive entry names allows authenticated users with theme creation permissions to write files to arbitrary locations, leading to remote code execution.