CVE-2018-12071

Name: CVE-2018-12071
Creator: NVD / NIST
Published: 2018-06-17T20:29:00.54+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.25%

Last modified Jun 17, 2026

CVE-2018-12071 is a vulnerability of currently unknown severity. A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.. EPSS estimates a 1.25% chance of exploitation in the next 30 days.

Description

A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.

Metrics

EPSS Probability

1.25%

65.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-384

Affected Software

Vendor	Product	Versions
Codeigniter	Codeigniter	< 3.1.9

References

https://github.com/bcit-ci/CodeIgniter/commit/800a20d6c4662d99ae0988b2f8f2238bb8bb29db
https://www.codeigniter.com/user_guide/changelog.htmlRelease Notes, Vendor Advisory
https://www.codeigniter.com/user_guide/changelog.htmlRelease Notes, Vendor Advisory

Timeline

Published: Jun 17, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-12071?

A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.

How severe is CVE-2018-12071?

Severity scoring for CVE-2018-12071 is pending analysis. The EPSS model estimates a 1.25% probability of exploitation in the next 30 days.

How do I fix CVE-2018-12071?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-12071?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST