ci4-cms-erp/ci4ms Security Advisories for 0.31.5.0 (3)
- [MEDIUM] CI4MS has a Deactivated User Session Bypass (active=0)
  PKSA-cf98-gsv6-bv96 CVE-2026-41891 GHSA-5hfv-c864-qcq9
  Affected version: >=0.26.0,<=0.31.7.0
  Reported by: GitHub
- [MEDIUM] CI4MS Vulnerable to Arbitrary Database Table Drop via Theme deleteProcess
  PKSA-kq1j-n47j-c2p7 CVE-2026-41890 GHSA-vgrf-pr28-vf98
  Affected version: >=0.31.1.0,<=0.31.7.0
  Reported by: GitHub
- [HIGH] CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution
  PKSA-gg2g-kjmj-cghy CVE-2026-41587 GHSA-fw49-9xq4-gmx6
  Affected version: >=0.26.0.0,<=0.31.6.0
  Reported by: GitHub