Vendor
critical
advisory
CI4MS Unauthenticated .env Overwrite Vulnerability (CVE-2026-39393)
2 rules 1 TTP 1 CVECI4MS versions before 0.31.4.0 are vulnerable to unauthenticated takeover due to a flawed install route guard that allows overwriting the .env file with attacker-controlled database credentials when the database is temporarily unreachable.
CI4MS
CVE-2026-39393
CodeIgniter
Remote Code Execution
Unauthenticated Access
2r
1t
1c
high
advisory
CI4MS .env File Injection Vulnerability (CVE-2026-39394)
2 rules 1 TTP 1 CVECI4MS versions prior to 0.31.4.0 are vulnerable to .env file injection via the Install::index() controller due to insufficient input validation and bypassed CSRF protection, allowing attackers to inject arbitrary configuration directives.
CI4MS
codeigniter
env-injection
cve-2026-39394
2r
1t
1c