Path Traversal Vulnerability in Ecommerce-CodeIgniter-Bootstrap by Kiril Kirkov
CVE-2026-14636

5.3 MEDIUM

Key Information:

Vendor
CVE Published: 4 July 2026

What is CVE-2026-14636?

A path traversal vulnerability exists in the Ecommerce-CodeIgniter-Bootstrap application, in the do_upload_others_images function of the Vendor Image Manager component. Attackers can manipulate the folder argument, potentially leading to unauthorized file system access through path traversal. The attack can be executed remotely, which makes the risk of exploitation significant. Because the vendor follows a rolling release model, it may not be possible to identify all affected versions, so applying the provided patch (de1c9e73ccf3bd032d9a0525c4752290d959dd8b) is important to mitigate the risk.

Affected Version(s)

Ecommerce-CodeIgniter-Bootstrap 23105f25dadf57b4314fc015a63a7c6e910c89df

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer