CVE-2026-14635

HIGH

kirilkirkov Ecommerce-CodeIgniter-Bootstrap Vendor Multi-Image Endpoint AddProduct.php path traversal

Title source: cna
STIX 2.1

Description

A security flaw has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. This issue affects some unknown processing of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Multi-Image Endpoint. Performing a manipulation of the argument folder results in path traversal. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The patch is named 2a9497ff11f36e573ad99e1c357ff0e6ded49745. Applying a patch is the recommended action to fix this issue.

References (7)

Core 7
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-376150 | kirilkirkov Ecommerce-CodeIgniter-Bootstrap Vendor Multi-Image Endpoint AddProduct.php path traversal
https://vuldb.com/vuln/376150
Signature, Permissions Required signature permissions-required
VDB-376150 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/376150/cti
Third Party Advisory third-party-advisory
CVE-2026-14635 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-14635
Third Party Advisory third-party-advisory
Submit #845906 | kirilkirkov Ecommerce-CodeIgniter-Bootstrap master Path Traversal
https://vuldb.com/submit/845906

Scores

CVSS v3 7.3
EPSS 0.0044
EPSS Percentile 35.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (1)
kirilkirkov/Ecommerce-CodeIgniter-Bootstrap 222ff31c06687b1c6d0e1ab63953f82c3674c52b
Published Jul 04, 2026
Tracked Since Jul 04, 2026