This document discusses a code injection vulnerability in the internationalization (i18n) functionality of the CodeIgniter PHP web framework. Specifically, it shows how an attacker could exploit weaknesses in CodeIgniter's handling of localized language files to perform remote file inclusion (RFI) or local code inclusion attacks. The document provides examples of how an attacker could craft malicious input to include arbitrary files or code from remote or local systems. It also notes that over 240 existing CodeIgniter sites were found potentially vulnerable to this issue. In conclusion, the document invites questions and feedback on this CodeIgniter i18n code injection vulnerability.