CodeIgniter versions 2.1.4 and below and Kohana versions 3.2.3 and below and 3.3.2 and below suffer from PHP object injection, a timing attack, and a remote code execution vulnerability.
d357c2844cd74c3664747fff941d56d0608de1bd1ced834e031486b9328c8121