Skip to main content

Insufficient Verification of Data Authenticity


Severity High
Score 7.5/10


CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy in versions prior to 4.2.11. This issue has been patched, please upgrade to version 4.2.11 or later, and configure `Config\App::$proxyIPs`. As a workaround, do not use `$request->getIPAddress()`.

  • LOW
  • HIGH
  • NONE
  • NONE
  • NONE
  • NONE

CWE-345 - Insufficient Verification of Data Authenticity

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Advisory Timeline

  • Published