# kirilkirkov Ecommerce-CodeIgniter-Bootstrap master Open Redirect / URI Injection

## Description
Ecommerce-CodeIgniter-Bootstrap contains a stored administrator-side URI injection issue in the order management flow. An unauthenticated attacker can send a malicious `Referer` header while placing an order. The application stores this value in the session, persists it into `orders.referrer`, and later renders it in the administrator orders page as both link text and an `href` value without output encoding or URI scheme validation.
An administrator who reviews the affected order sees a clickable attacker-controlled URL in the trusted backend interface. This can be used for administrator-facing phishing, redirection to an untrusted site, or other social-engineering attacks against backend users.
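The advisory above describes a single untrusted value (the `Referer` request header) that is stored and later emitted into an `href` attribute and a text node without scheme validation or encoding. The PHP below is an added example, not code from the Ecommerce-CodeIgniter-Bootstrap project or from its fix commit, showing the two controls a defender wants at that trust boundary: an allow-list check on the scheme and shape of the URL before it is persisted, and context-correct HTML encoding when it is rendered in the backend. The function names, the sample inputs and the `rel`/`target` attributes are assumptions of this example.

```php
<?php
// Added example (hypothetical helpers, not the project's own code): validate a
// Referer value before storage, and encode it before rendering in an admin view.

/**
 * Return the referrer URL if it is safe to persist, otherwise null.
 * Only absolute http/https URLs without embedded credentials or control
 * characters are accepted, so javascript:, data: and similar schemes are
 * discarded before they can reach the orders table.
 */
function sanitize_referrer(?string $raw, int $maxLength = 2048): ?string
{
    if ($raw === null) {
        return null;
    }
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > $maxLength) {
        return null;
    }
    // Control characters, whitespace and DEL have no place in a URL and are a
    // common way to break out of an attribute or smuggle a second value.
    if (preg_match('/[\x00-\x20\x7f]/', $raw)) {
        return null;
    }
    // Syntactic check first; note FILTER_VALIDATE_URL accepts any scheme
    // (mailto:, ftp:, ...), so the scheme allow-list below is still required.
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Reject userinfo in the authority; it is frequently used to disguise the real host.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    return $raw;
}

/**
 * Render a stored referrer as a link for the administrator page.
 * The advisory describes a view that emits the raw value into both href and
 * link text; here the value is re-validated (older rows may predate
 * validation) and encoded for the attribute and the text node.
 */
function render_referrer_link(?string $stored): string
{
    $safe = sanitize_referrer($stored);
    if ($safe === null) {
        return '<span>(no valid referrer)</span>';
    }
    $enc = htmlspecialchars($safe, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // rel="noopener noreferrer" keeps the destination from receiving a window
    // handle or a Referer pointing back at the backend when an admin clicks it.
    return '<a href="' . $enc . '" rel="noopener noreferrer" target="_blank">' . $enc . '</a>';
}

// Constructed sample inputs standing in for values a Referer header might carry.
$samples = [
    'https://www.example.com/products?id=42',
    'javascript:alert(1)',
    'https://user:pass@malicious.example/',
    "https://malicious.example/\" onclick=\"x",
    'mailto:someone@example.com',
];
foreach ($samples as $s) {
    printf("%-45s => %s\n", $s, var_export(sanitize_referrer($s), true));
}
echo render_referrer_link($samples[0]), "\n";
```

Only the first sample survives `sanitize_referrer`; the others are dropped for scheme, embedded credentials, whitespace/quote characters, or a non-http scheme that passes `FILTER_VALIDATE_URL`. Keeping the check at write time limits what the database can hold, while repeating it at render time covers rows stored before the validation existed.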
## Technical Details
- Affected component: `application/core/MY_Controller.php`, `application/controllers/Checkout.php`, `application/models/Public_model.php`, `application/modules/admin/views/ecommerce/orders.php`
- Trigger path: `/index.php/checkout`
- Admin sink: `/index.php/admin/orders`
- Weakness: `CWE-74`, `CWE-601`
- CVSS v3.1: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N`
- Severity: `Moderate`
- Published: `2026-05-20`
- Patched version / fix commit: `213babdbaa949e94557246414db0130e01394517`
- GitHub Security Advisory: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/security/advisories/GHSA-x9pg-hvpj-9q44
- Vendor fix: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/213babdbaa949e94557246414db0130e01394517

| Field | Value |
|---|---|
| Source | https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/security/advisories/GHSA-x9pg-hvpj-9q44 |
| User | Anonymous User |
| Submitted | 2026-06-02 10:03 (1 month ago) |
| Moderated | 2026-07-03 19:24 (1 month later) |
| Status | Accepted |
| VulDB entry | 376147 [kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce Trusted Backend Interface MY_Controller.php setReferrer href Redirect] |
| Points | 20 |