PT-2026-55708 · Kirilkirkov · Ecommerce-Codeigniter-Bootstrap

Leousum

·

Published

2026-07-04

·

Updated

2026-07-04

·

CVE-2026-14632

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions up to 95dfa8cebbb87ab46ae450643a07241274a74dce
Description An open redirect issue exists in the Trusted Backend Interface component. The setReferrer() function within the application/core/MY Controller.php file does not properly handle the href argument, allowing a remote attacker to manipulate it to redirect users to an external site.
Recommendations Apply patch 213babdbaa949e94557246414db0130e01394517. As a temporary mitigation, restrict access to the setReferrer() function.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14632

Affected Products

Ecommerce-Codeigniter-Bootstrap