Path Traversal Vulnerability in Ecommerce-CodeIgniter-Bootstrap by Kiril Kirkov
CVE-2026-14636
5.3 MEDIUM
What is CVE-2026-14636?
A vulnerability exists in the Ecommerce-CodeIgniter-Bootstrap application, specifically in the do_upload_others_images function of the Vendor Image Manager component. An attacker who manipulates the folder argument can potentially gain unauthorized file system access through path traversal. The risk of exploitation is significant because the attack can be executed remotely. The vendor follows a rolling release model, which may make it difficult to identify all affected versions, so applying the provided patch (de1c9e73ccf3bd032d9a0525c4752290d959dd8b) is important to mitigate the risks associated with this vulnerability.
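The class of check that closes this kind of flaw, as an added example: it is not the project's code and not the content of the patch commit. The function name resolveUploadFolder(), the allow-list pattern, the create-if-missing behaviour and the temporary directory are assumptions made for illustration.

```php
<?php
// Added illustration, not the project's code. resolveUploadFolder() and the
// directory layout below are hypothetical.

/**
 * Map a client-supplied folder name to a directory under $baseDir.
 * Returns the canonical path, or null when the value must be rejected.
 */
function resolveUploadFolder(string $baseDir, string $folder): ?string
{
    // Allow-list: exactly one path segment of letters, digits, '_' or '-'.
    // Rejects '/', '\', '.', NUL bytes and the empty string outright.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $folder) !== 1) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory does not exist
    }

    // Assumption: the upload handler creates the folder on first use.
    $target = $base . DIRECTORY_SEPARATOR . $folder;
    if (!is_dir($target) && !mkdir($target, 0750)) {
        return null;
    }

    // Defence in depth: canonicalise (this resolves symlinks) and confirm
    // the result is still inside the base directory.
    $real   = realpath($target);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed sample values, checked against a throwaway directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload_demo_' . bin2hex(random_bytes(4));
mkdir($base, 0750);
foreach (['1718000000', '../../config', '..', 'a/b', "x\0y", ''] as $candidate) {
    $result = resolveUploadFolder($base, $candidate);
    printf("%-16s => %s\n", json_encode($candidate, JSON_UNESCAPED_SLASHES),
        $result === null ? 'rejected' : 'accepted');
}
```

Only the first sample value is accepted; the others fail the allow-list before any file system call is made.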
Affected Version(s)
Ecommerce-CodeIgniter-Bootstrap 23105f25dadf57b4314fc015a63a7c6e910c89df
