Kiril Kirkov

16 exploits Active since Sep 2020
CVE-2020-25086 WRITEUP MEDIUM WRITEUP
ecommerce-codeigniter-bootstrap < 2020-08-03 - Cross-Site Scripting in adminUsers.php
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php.
CVSS 6.1
CVE-2020-25087 WRITEUP MEDIUM WRITEUP
ecommerce-codeigniter-bootstrap < 2020-08-03 - Cross-Site Scripting in Languages Settings Page
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php.
CVSS 6.1
CVE-2020-25088 WRITEUP MEDIUM WRITEUP
ecommerce-codeigniter-bootstrap < 2020-08-03 - Cross-Site Scripting in Blog Publish View
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php.
CVSS 6.1
CVE-2020-25089 WRITEUP MEDIUM WRITEUP
ecommerce-codeigniter-bootstrap < 2020-08-03 - Cross-Site Scripting in Discounts Admin View
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php.
CVSS 6.1
CVE-2020-25090 WRITEUP MEDIUM WRITEUP
ecommerce-codeigniter-bootstrap < 2020-08-03 - Cross-Site Scripting in Admin Publish View
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php.
CVSS 6.1
CVE-2020-25091 WRITEUP MEDIUM WRITEUP
ecommerce-codeigniter-bootstrap < 2020-08-03 - Cross-Site Scripting in add_product.php
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php.
CVSS 6.1
CVE-2020-25092 WRITEUP MEDIUM WRITEUP
ecommerce-codeigniter-bootstrap < 2020-08-03 - Cross-Site Scripting in Header Template
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel.
CVSS 6.1
CVE-2020-25093 WRITEUP MEDIUM WRITEUP
ecommerce-codeigniter-bootstrap < 2020-08-03 - Cross-Site Scripting in blog.php
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php. within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel.
CVSS 6.1
CVE-2022-35213 WRITEUP MEDIUM WRITEUP
ecommerce-codeigniter-bootstrap < 2021-08-21 - Cross-Site Scripting via base_url() Function
Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php.
CVSS 6.1
CVE-2023-23010 WRITEUP MEDIUM WRITEUP
Ecommerce-CodeIgniter-Bootstrap < 2022-12-27 - Cross-Site Scripting via Languages and Trans Load Parameters
Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php.
CVSS 6.1
CVE-2024-31820 WRITEUP CRITICAL WRITEUP
ecommerce-codeigniter-bootstrap < 2024-01-02 - Remote Code Execution via getLangFolderForEdit Method
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php component.
CVSS 9.8
CVE-2024-31821 WRITEUP HIGH WRITEUP
Ecommerce-CodeIgniter-Bootstrap <d22b54e - SQL Injection
SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php component.
CVSS 8.0
CVE-2024-31822 WRITEUP CRITICAL WRITEUP
Ecommerce-CodeIgniter-Bootstrap <d22b54e - RCE
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component.
CVSS 9.8
CVE-2024-31823 WRITEUP HIGH WRITEUP
Ecommerce-CodeIgniter-Bootstrap - Remote Code Execution via Publish.php removeSecondaryImage Method
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component.
CVSS 8.8
CVE-2024-6526 WRITEUP LOW WRITEUP
ecommerce-codeigniter-bootstrap < 2024-07-03 - XSS via search_title/catName/sub/name/categorie
A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument search_title/catName/sub/name/categorie leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 1b3da45308bb6c3f55247d0e99620b600bd85277. It is recommended to apply a patch to fix this issue. The identifier VDB-270369 was assigned to this vulnerability.
CVSS 3.5
CVE-2024-7067 WRITEUP MEDIUM WRITEUP
shuttur/ecommerce-laravel-bootstrap < 2024-07-03 - Deserialization of Untrusted Data in getCartProductsIds
A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is a02111a674ab49f65018b31da3011b1e396f59b1. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-272348.
CVSS 6.3