| Field | Value |
|---|---|
| Title | kirilkirkov Ecommerce-CodeIgniter-Bootstrap master Open Redirect / URI Injection |
| Source | https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/security/advisories/GHSA-x9pg-hvpj-9q44 |
| User | Anonymous User |
| Submission | 02/06/2026 10h03 (1 month ago) |
| Moderation | 03/07/2026 19h24 (1 month later) |
| Status | Accepted |
| VulDB Entry | 376147 [kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce Trusted Backend Interface MY_Controller.php setReferrer href Redirect] |
| Points | 20 |

## Description

Ecommerce-CodeIgniter-Bootstrap contains a stored, administrator-side URI injection issue in the order management flow. An unauthenticated attacker can send a malicious `Referer` header while placing an order. The application stores this value in the session, persists it into `orders.referrer`, and later renders it in the administrator orders page as both the link text and the `href` value, without output encoding or URI scheme validation.

An administrator who reviews the affected order sees a clickable, attacker-controlled URL inside the trusted backend interface. This can be used for administrator-facing phishing, redirection to an untrusted site, or other social-engineering attacks against backend users.

## Technical Details

- Affected components: `application/core/MY_Controller.php`, `application/controllers/Checkout.php`, `application/models/Public_model.php`, `application/modules/admin/views/ecommerce/orders.php`
- Trigger path: `/index.php/checkout`
- Admin sink: `/index.php/admin/orders`
- Weakness: `CWE-74`, `CWE-601`
- CVSS v3.1: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N`
- Severity: `Moderate`
- Published: `2026-05-20`
- Patched version / fix commit: `213babdbaa949e94557246414db0130e01394517`
- GitHub Security Advisory: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/security/advisories/GHSA-x9pg-hvpj-9q44
- Vendor fix: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/213babdbaa949e94557246414db0130e01394517
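The advisory describes a `Referer` value that is stored unchecked and later rendered in the admin orders view as both link text and `href`, with neither output encoding nor scheme validation. The PHP below is an added example, not code from the Ecommerce-CodeIgniter-Bootstrap project or from its fix commit; it shows the two controls a reviewer would expect at the two points the advisory names: an allow-list on the URL scheme before the value is persisted, and HTML encoding at the rendering sink. The function names, the `referrer-invalid` class and the sample values are assumptions constructed for the example.

```php
<?php
// Added example (not project code): validate a client-supplied Referer
// before it is stored, and encode it when it is rendered for administrators.

/**
 * Return the value unchanged if it is an absolute http(s) URL, else null.
 * Rejects javascript:, data:, scheme-relative (//host) forms, oversized
 * values and anything carrying control characters (CR/LF header injection).
 */
function sanitize_referrer(?string $raw, int $maxLen = 2048): ?string
{
    if ($raw === null) {
        return null;
    }
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > $maxLen || preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    // Must be a syntactically valid absolute URL at all.
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    // Scheme allow-list: only http and https may become a clickable link.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $raw;
}

/**
 * Render the stored referrer for an admin view. The value is always
 * HTML-encoded; a value that fails validation is shown as inert text
 * rather than as a link, so the reviewer still sees what was recorded.
 */
function render_referrer_cell(?string $stored): string
{
    $safe = sanitize_referrer($stored);
    if ($safe === null) {
        $shown = $stored === null ? '' : htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        return '<span class="referrer-invalid">' . $shown . '</span>';
    }
    $enc = htmlspecialchars($safe, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // noopener/noreferrer: opening the link must not hand the admin page
    // or its URL to the linked site.
    return '<a href="' . $enc . '" rel="noopener noreferrer" target="_blank">' . $enc . '</a>';
}

// Constructed sample values of the kind a Referer header could carry.
$samples = [
    'https://www.example.com/landing?utm=spring&ref=1',
    'javascript:alert(document.cookie)',
    'data:text/html,<script>alert(1)</script>',
    '//attacker.example/phish',
    "https://example.com/\r\nX-Injected: 1",
    str_repeat('https://example.com/', 200),
];

foreach ($samples as $s) {
    $verdict = sanitize_referrer($s) === null ? 'REJECTED' : 'accepted';
    printf("%-50s -> %s\n", substr(json_encode($s), 0, 50), $verdict);
    echo '   ', render_referrer_cell($s), "\n";
}
```

Storing only what `sanitize_referrer` returns (or null) removes the dangerous schemes before they reach `orders.referrer`; encoding in `render_referrer_cell` is kept regardless, because the view should not trust that every row in the table was written by validated code.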