Open Redirect Vulnerability in Ecommerce-CodeIgniter-Bootstrap by Kiril Kirkov
CVE-2026-14632
Key Information:
- Vendor: Kirilkirkov
- CVE Published: 4 July 2026
What is CVE-2026-14632?
A flaw exists in the setReferrer function of the MY_Controller.php file within the Trusted Backend Interface of Ecommerce-CodeIgniter-Bootstrap. An attacker can manipulate the href argument, which results in an open redirect. The attack can be carried out remotely and poses a significant risk, as it allows control over the navigation flow of users. Because the affected versions are part of an ongoing rolling release lifecycle, users are advised to apply the available patch to mitigate this issue.
Affected Version(s)
Ecommerce-CodeIgniter-Bootstrap 95dfa8cebbb87ab46ae450643a07241274a74dce
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved
