Submission #845906: kirilkirkov Ecommerce-CodeIgniter-Bootstrap master Path Traversal

Title: kirilkirkov Ecommerce-CodeIgniter-Bootstrap master Path Traversal
Description:

## Description

Ecommerce-CodeIgniter-Bootstrap contains a path traversal vulnerability in the vendor multi-image endpoints. The affected handlers trust the user-controlled `folder` parameter and concatenate it directly into filesystem paths under `attachments/shop_images/`. Because the application neither canonicalized the target path nor enforced a base directory boundary, an attacker able to reach the vendor image endpoints could traverse outside the intended product image directory. The vulnerable behavior allowed directory creation, image upload, and file deletion in unintended writable locations.

## Technical Details

- Affected component: `application/modules/vendor/controllers/AddProduct.php`
- Vulnerable parameter: `folder`
- Impacted operations: directory creation, multi-image upload, and image deletion outside the intended shop image directory
- Weakness: `CWE-22`
- CVSS v3.1: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
- Severity: `Critical`
- Published: `2026-05-20`
- Patched version / fix commit: `2a9497ff11f36e573ad99e1c357ff0e6ded49745`
- GitHub Security Advisory: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/security/advisories/GHSA-6whv-r5hm-vcjr
- Vendor fix: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/2a9497ff11f36e573ad99e1c357ff0e6ded49745
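The boundary check the advisory describes as missing, as an added example that is not the project's own code: a hypothetical helper that restricts the user-supplied `folder` value to a single plain path segment, canonicalizes the result, and confirms it still sits under the shop-image base directory. The helper names, the `$baseDir` argument and the demo inputs are assumptions.

```php
<?php
// Added example, not code from Ecommerce-CodeIgniter-Bootstrap. The helper
// names, the $baseDir argument and the demo inputs are assumptions.

/**
 * The pattern the advisory describes: the request parameter is concatenated
 * straight into the filesystem path, so "../" segments leave the intended
 * directory. Shown only as the "before" form.
 */
function unsafeShopImageFolder(string $baseDir, string $folder): string
{
    return $baseDir . '/' . $folder;
}

/**
 * Hardened form: accept only one plain path segment, then canonicalize and
 * require the result to stay inside $baseDir. Returns null on rejection.
 */
function resolveShopImageFolder(string $baseDir, string $folder): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // the base directory must already exist
    }
    // Allowlist a single segment: no separators, no "..", no NUL bytes,
    // no absolute paths, bounded length.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $folder)) {
        return null;
    }
    $candidate = $base . DIRECTORY_SEPARATOR . $folder;
    // If the folder already exists, realpath() also resolves symlinks;
    // enforce the boundary on the resolved path as defence in depth.
    $resolved = realpath($candidate);
    if ($resolved !== false && strpos($resolved, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo: a temporary directory stands in for attachments/shop_images/.
$demoBase = sys_get_temp_dir() . '/shop_images_demo';
if (!is_dir($demoBase)) {
    mkdir($demoBase, 0700, true);
}
var_dump(resolveShopImageFolder($demoBase, 'product_42')); // accepted
var_dump(resolveShopImageFolder($demoBase, '../outside'));  // rejected: null
var_dump(resolveShopImageFolder($demoBase, 'a/b'));         // rejected: null
```

The same check should run before every operation the advisory lists (directory creation, upload and deletion), since a non-existent folder is exactly the case where `realpath()` alone cannot help and the allowlist carries the boundary.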
Source: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/security/advisories/GHSA-6whv-r5hm-vcjr
User: Anonymous User
Submission: 02/06/2026 10:11 AM (1 month ago)
Moderation: 03/07/2026 07:24 PM (1 month later)
Status: Accepted
VulDB Entry: 376150 [kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b Vendor Multi-Image Endpoint AddProduct.php folder directory traversal]
Points: 20
