| Field | Value |
|---|---|
| Title | kirilkirkov Ecommerce-CodeIgniter-Bootstrap master Path Traversal |
| Source | ⚠️ https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/security/advisories/GHSA-q3g4-wpv3-v23v |
| User | Anonymous User |
| Submission | 02/06/2026 10:12 AM (1 month ago) |
| Moderation | 03/07/2026 07:25 PM (1 month later) |
| Status | Accepted |
| VulDB Entry | 376151 [kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 23105f25dadf57b4314fc015a63a7c6e910c89df Vendor Image Manager AddProduct.php do_upload_others_images folder directory traversal] |
| Points | 20 |

## Description

Ecommerce-CodeIgniter-Bootstrap contains a path traversal vulnerability in the vendor image manager upload endpoint. A low-privilege vendor user can control the `folder` parameter used by `do_upload_others_images()`. The application appends this value to the upload base path and creates the resulting directory without verifying that the final path remains inside the intended image directory.

This allows arbitrary relative-path image upload into writable application paths outside `attachments/shop_images/`. In the verified advisory, the upload type was restricted to image extensions, but the underlying arbitrary relative-path write primitive still allows integrity impact and unintended file placement.

## Technical Details

- Affected component: `application/modules/vendor/controllers/AddProduct.php`
- Vulnerable function: `do_upload_others_images()`
- Vulnerable endpoint: `/index.php/vendor/uploadOthersImages`
- Related endpoint: `/index.php/vendor/loadOthersImages`
- Vulnerable parameter: `folder`
- Weakness: `CWE-22`
- CVSS v3.1: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L`
- Severity: `Moderate`
- Published: `2026-05-20`
- Patched version / fix commit: `de1c9e73ccf3bd032d9a0525c4752290d959dd8b`
- GitHub Security Advisory: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/security/advisories/GHSA-q3g4-wpv3-v23v
- Vendor fix: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/de1c9e73ccf3bd032d9a0525c4752290d959dd8b
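The missing check the Description points at is containment of the user-supplied `folder` value inside the fixed upload base directory. The following is an added example written for this page, not code from the Ecommerce-CodeIgniter-Bootstrap project or from its fix commit: the function names (`unsafeUploadDir`, `safeUploadDir`), the temporary base directory and the sample folder names are all assumptions. It shows the unchecked concatenation pattern the advisory describes next to a hardened variant that validates the segment lexically, creates only a single directory level, and re-verifies containment with `realpath()` after creation.

```php
<?php
// Added example, not the project's code: validating a caller-controlled
// sub-folder name against a fixed upload base directory (CWE-22 mitigation).
// Function names, the demo base directory and sample inputs are assumptions.

declare(strict_types=1);

/**
 * Sketch of the pattern the advisory describes (hypothetical, not the
 * project's code): the folder value is appended to the base path as-is.
 */
function unsafeUploadDir(string $base, string $folder): string
{
    return rtrim($base, '/') . '/' . $folder;   // no containment check at all
}

/**
 * Hardened variant. Returns the absolute directory path, or null when the
 * input is rejected or the resolved path is not inside the base directory.
 */
function safeUploadDir(string $base, string $folder): ?string
{
    // The base directory is fixed by the application and must already exist.
    $baseReal = realpath($base);
    if ($baseReal === false || !is_dir($baseReal)) {
        return null;
    }

    // Accept exactly one plain path segment: this rejects "/", "\\", "..",
    // NUL bytes, percent-encoded tricks and empty names in a single rule.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $folder) !== 1) {
        return null;
    }

    $target = $baseReal . DIRECTORY_SEPARATOR . $folder;

    // Non-recursive mkdir: at most one new level is ever created.
    if (!is_dir($target) && !mkdir($target, 0755, false)) {
        return null;
    }

    // Defence in depth: resolve symlinks and confirm the final path still
    // starts with "<base>/" before handing it to the upload library.
    $targetReal = realpath($target);
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if ($targetReal === false || strncmp($targetReal, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $targetReal;
}

// Self-contained demo: a constructed temporary base directory stands in for
// the application's image directory.
$base = sys_get_temp_dir() . '/shop_images_demo_' . getmypid();
mkdir($base, 0755, true);

$samples = ['product42', '../../application', 'a/b', "name\0.png", '..', ''];
foreach ($samples as $folder) {
    $unchecked = unsafeUploadDir($base, $folder);
    $checked   = safeUploadDir($base, $folder);
    printf(
        "%-22s unchecked=%s  hardened=%s\n",
        json_encode($folder),
        $unchecked,
        $checked === null ? 'rejected' : $checked
    );
}

// Clean up the demo directories.
if (is_dir($base . '/product42')) {
    rmdir($base . '/product42');
}
rmdir($base);
```

The lexical allow-list does the real work; the `realpath()` comparison afterwards is there so that a later change to the allow-list, or a symlink dropped into the base directory, still cannot move the upload target outside `<base>/`. Note that `realpath()` cannot be used on its own before `mkdir()`, because it returns `false` for paths that do not exist yet, which is exactly the state the vulnerable code operates in.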