CVE-2026-34563

critical

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when handling backup uploads and processing backup metadata. An attacker can inject a malicious JavaScript payload into the backup filename via the uploaded xss.sql, which uses SQL functionality to insert the XSS payload server-side. This stored payload is later rendered unsafely in multiple backup management views without proper output encoding, leading to stored blind cross-site scripting (Blind XSS). This issue has been patched in version 0.31.0.0.

9.1

cvss critical

common vulnerability scoring system v3.1. measures intrinsic severity on a 0-10 scale.

epss 0.0005

exploitation prediction scoring system. probability this vulnerability will be exploited in the wild in the next 30 days.

kev no

cisa known exploited vulnerabilities catalog. confirmed active exploitation.

CVSS 3.1 Common Vulnerability Scoring System v3.1

9.1 / 10

CRITICAL

exploitability

Attack Vector

Network

Attack Vector (AV:N): exploitable remotely over the network — most dangerous. no physical or adjacent access needed.

Attack Complexity

Low

Attack Complexity (AC:L): no special conditions needed. attack can be reliably reproduced.

Privileges Required

Low

Privileges Required (PR:L): requires basic user-level access.

User Interaction

None

User Interaction (UI:N): no victim action needed. fully exploitable without user interaction.

impact

Scope

Changed

Scope (S:C): exploitation impacts resources beyond the vulnerable component.

Confidentiality

High

Confidentiality (C:H): total information disclosure. attacker gains access to all data within the component.

Integrity

Low

Integrity (I:L): limited data modification. some data can be altered.

Availability

Low

Availability (A:L): reduced performance or partial service interruption.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

exploitation detection attribution advisories media timeline

rdintel assessment

composite score from 15+ signals including exploitation status, epss probability, detection coverage, and community attention. 0-100 scale.

exploitation

actively exploited

Vendor - Product Name

Apply vendor-provided patches

poc repositories (3)

researcher/exploit-poc - 42 stars - Python

security-lab/cve-checker - 18 stars - Go

detection

nuclei-template-id - critical - by projectdiscovery

sigma-rule-title - high - windows

timeline

2024-01-15 - published - CVE record created

2024-01-18 - poc - First exploit code published

2024-01-20 - kev - Added to known exploited

pocs, detection rules, timeline, advisories, and more