Vendor
CVE-2026-14637: Critical Deserialization Vulnerability in kirilkirkov Ecommerce-CodeIgniter-Bootstrap
2 TTPs 1 CVEA high-severity deserialization vulnerability, CVE-2026-14637, exists in the `getCartItems` function of `application/libraries/ShoppingCart.php` in kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions up to commit `13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7`, allowing remote attackers to achieve arbitrary code execution by manipulating the `shopping_cart` argument, with public exploit disclosure raising immediate risk.
CVE-2026-14635: Path Traversal in kirilkirkov Ecommerce-CodeIgniter-Bootstrap
1 rule 2 TTPs 1 CVEA high-severity path traversal vulnerability (CVE-2026-14635) has been identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions up to commit 222ff31c066, allowing remote attackers to access or modify arbitrary files by manipulating the 'folder' argument in the Vendor Multi-Image Endpoint, with a public exploit available.