PT-2026-55708 · Kirilkirkov · Ecommerce-Codeigniter-Bootstrap
Leousum · Published 2026-07-04 · Updated 2026-07-04
CVE-2026-14632
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions up to 95dfa8cebbb87ab46ae450643a07241274a74dce
Description
An open redirect issue exists in the Trusted Backend Interface component. The setReferrer() function within the application/core/MY_Controller.php file does not properly handle the href argument, allowing a remote attacker to manipulate it to redirect users to an external site.
Recommendations
Apply patch 213babdbaa949e94557246414db0130e01394517.
As a temporary mitigation, restrict access to the setReferrer() function.
Open Redirect
Affected Products
Ecommerce-Codeigniter-Bootstrap