32 matches found
CVE-2026-14637
CVE-2026-14637 affects kirilkirkov Ecommerce-CodeIgniter-Bootstrap, specifically the getCartItems function in application/libraries/ShoppingCart.php. Input manipulation of the shopping_cart parameter leads to deserialization, enabling remote exploitation as described. The patch identifier is 49b2...
EUVD-2026-41681
A security flaw has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. This issue affects some unknown processing of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Multi-Image Endpoint. Performing ...
CVE-2026-14635
The CVE-2026-14635 affects kirilkirkov Ecommerce-CodeIgniter-Bootstrap (vendor’s Vendor Multi-Image Endpoint). The flaw arises from path traversal when manipulating the folder argument in the AddProduct.php handler, enabling remote initiation. Public exploit available; no version specifics are pr...
CVE-2026-14634
Summary (CVE-2026-14634) The vulnerability exists in kirilkirkov’s Ecommerce-CodeIgniter-Bootstrap (up to commit 213babdbaa949e94557246414db0130e01394517) and affects the function checkForPostRequests in the file application/core/MY_Controller.php for the Subscribed Emails Admin Page. Manipulatio...
EUVD-2026-41680
A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MYController.php of the component Subscribed Emails Admin Page. Such manipulation...
EUVD-2026-41679
A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes...
CVE-2026-14633
The CVE affects kirilkirkov Ecommerce-CodeIgniter-Bootstrap (up to commit 49b20f53de2b7ec34e920b11c863f1491d911a04). The vulnerability targets the Hidden REST API Endpoint and specifically the file /index.php/api/product/set, where manipulating the argument title/description enables cross-site sc...
EUVD-2020-17780
Malware in sbrugna...
EUVD-2021-28129
Malicious code in bioql PyPI...
CVE-2024-31823
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component...
CVE-2024-31820
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php component...
CVE-2023-23010
Cross Site Scripting XSS vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 on Dec 27, 2022, allows attackers to execute arbitrary code via the languages and transload parameters in file addproduct.php...
CVE-2024-6526
A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument searchtitle/catName/sub/name/categorie leads to cross site scripting. It is possib...
CVE-2024-6526 CodeIgniter Ecommerce-CodeIgniter-Bootstrap cross site scripting
A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument searchtitle/catName/sub/name/categorie leads to cross site scripting. It is possib...
CVE-2024-6526
CVE-2024-6526 affects CodeIgniter Ecommerce-CodeIgniter-Bootstrap. The vulnerability arises from manipulation of the arguments search_title, catName, sub, name, and categorie, which leads to cross-site scripting (XSS). It can be exploited remotely, and public exploits/ PoC have been disclosed. A ...
CVE-2024-31823
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component...
CVE-2024-31820
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php component...
CVE-2024-31820
An issue in Ecommerce-CodeIgniter-Bootstrap (Languages.php, getLangFolderForEdit) allows remote code execution via a crafted call to the getLangFolderForEdit method. The CVE-2024-31820 entry notes the vulnerability; Red Hat and OSV/CNNVD variants corroborate the same description. No affected vers...
PT-2024-24228
Name of the Vulnerable Software and Affected Versions Ecommerce-CodeIgniter-Bootstrap affected versions not specified Description The issue allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php component. Recommendations At the moment, there i...
Ecommerce-CodeIgniter-Bootstrap 安全漏洞
Ecommerce-CodeIgniter-Bootstrap is a responsive, multi-vendor, multi-language online store platform shopping cart solution. A security vulnerability exists in Ecommerce-CodeIgniter-Bootstrap, which stems from an arbitrary code execution vulnerability in the saveLanguageFiles method of the...