Description
CodeIgniter is a powerful PHP framework with a very small footprint, built for PHP coders who need a simple and elegant toolkit to create full-featured web applications.
If you use the Encryption class or the Session class you must set an encryption key. It's very important that an attacker doesn't know the value of this encryption key. Your application is using a weak/known encryption key and Acunetix managed to guess this key. Knowing the encryption key allows an attacker to impersonate any user in the application and even achive remote code execution.
Remediation
Change the value of the $config['encryption_key'] (application/config/config.php) to a random string.
References
Related Vulnerabilities
PHP unserialize() used on user input
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4283)
Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.7)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2044)
WordPress Plugin ACF to REST API Information Disclosure (3.2.0)