{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/kirilkirkov/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2026-14637"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Ecommerce-CodeIgniter-Bootstrap (\u003c= 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7)"],"_cs_severities":["high"],"_cs_tags":["deserialization","remote-code-execution","web-vulnerability","php","codeigniter"],"_cs_type":"advisory","_cs_vendors":["kirilkirkov"],"content_html":"\u003cp\u003eA significant deserialization vulnerability, identified as CVE-2026-14637, has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap, affecting all versions up to and including commit \u003ccode\u003e13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7\u003c/code\u003e. This flaw resides within the \u003ccode\u003egetCartItems\u003c/code\u003e function of the \u003ccode\u003eapplication/libraries/ShoppingCart.php\u003c/code\u003e library. Attackers can remotely exploit this by manipulating the \u003ccode\u003eshopping_cart\u003c/code\u003e argument in web requests, which leads to insecure deserialization on the server. The vulnerability allows for arbitrary code execution, posing a critical risk to affected systems. An exploit for this issue has been publicly disclosed, meaning attackers can readily leverage it. Due to the product's continuous delivery model, specific version numbers are not available; instead, defenders are advised to apply the patch associated with commit \u003ccode\u003e49b20f53de2b7ec34e920b11c863f1491d911a04\u003c/code\u003e to mitigate immediate threats.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated remote attacker crafts a malicious HTTP request (GET or POST) targeting a vulnerable kirilkirkov Ecommerce-CodeIgniter-Bootstrap instance.\u003c/li\u003e\n\u003cli\u003eThe attacker includes a specially constructed \u003ccode\u003eshopping_cart\u003c/code\u003e argument in the HTTP request's parameters (e.g., query string or request body).\u003c/li\u003e\n\u003cli\u003eThis \u003ccode\u003eshopping_cart\u003c/code\u003e argument contains serialized PHP objects specifically designed to trigger malicious behavior upon deserialization.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003eapplication/libraries/ShoppingCart.php\u003c/code\u003e library, particularly the \u003ccode\u003egetCartItems\u003c/code\u003e function, processes the incoming request.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003egetCartItems\u003c/code\u003e function attempts to deserialize the attacker-controlled \u003ccode\u003eshopping_cart\u003c/code\u003e data without proper validation or sanitization.\u003c/li\u003e\n\u003cli\u003eDuring the insecure deserialization process, the crafted object triggers arbitrary code execution on the underlying web server, allowing the attacker to run commands.\u003c/li\u003e\n\u003cli\u003eUpon successful execution, the attacker can achieve remote code execution, enabling actions like web shell deployment, data exfiltration, or further system compromise.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes persistence or moves laterally within the compromised environment to achieve their final objective.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-14637 grants remote attackers arbitrary code execution on the server hosting the Ecommerce-CodeIgniter-Bootstrap application. With a CVSS v3.1 Base Score of 8.2 (High), this vulnerability can lead to complete system compromise, including unauthorized access to sensitive data, modification or deletion of website content, and disruption of service. Given the public disclosure of an exploit, organizations using this product are at immediate and significant risk of attack, potentially resulting in data breaches, financial losses, and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrioritize patching CVE-2026-14637 by applying the commit \u003ccode\u003e49b20f53de2b7ec34e920b11c863f1491d911a04\u003c/code\u003e to all instances of kirilkirkov Ecommerce-CodeIgniter-Bootstrap immediately.\u003c/li\u003e\n\u003cli\u003eMonitor webserver logs (category \u003ccode\u003ewebserver\u003c/code\u003e) for HTTP requests targeting \u003ccode\u003eapplication/libraries/ShoppingCart.php\u003c/code\u003e that contain unusually long, malformed, or encoded \u003ccode\u003eshopping_cart\u003c/code\u003e argument values, which could indicate exploitation attempts for CVE-2026-14637.\u003c/li\u003e\n\u003cli\u003eReview access logs for any suspicious process creation or outbound connections from the web server after a suspected exploitation attempt, as these could signal post-exploitation activity.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-04T18:21:02Z","date_published":"2026-07-04T18:21:02Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14637-deserialization/","summary":"A high-severity deserialization vulnerability, CVE-2026-14637, exists in the `getCartItems` function of `application/libraries/ShoppingCart.php` in kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions up to commit `13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7`, allowing remote attackers to achieve arbitrary code execution by manipulating the `shopping_cart` argument, with public exploit disclosure raising immediate risk.","title":"CVE-2026-14637: Critical Deserialization Vulnerability in kirilkirkov Ecommerce-CodeIgniter-Bootstrap","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14637-deserialization/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-14635"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Ecommerce-CodeIgniter-Bootstrap (\u003c= 222ff31c06687b1c6d0e1ab63953f82c3674c52b)"],"_cs_severities":["high"],"_cs_tags":["path-traversal","web-application","codeigniter","cve"],"_cs_type":"advisory","_cs_vendors":["kirilkirkov"],"content_html":"\u003cp\u003eA critical path traversal vulnerability, CVE-2026-14635, has been publicly disclosed and is actively exploitable in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to commit 222ff31c06687b1c6d0e1ab63953f82c3674c52b. This flaw specifically impacts the Vendor Multi-Image Endpoint, residing in the \u003ccode\u003eapplication/modules/vendor/controllers/AddProduct.php\u003c/code\u003e file. Remote attackers can leverage this vulnerability by manipulating the 'folder' argument within HTTP requests, allowing them to traverse directory structures and potentially access or modify arbitrary files outside the intended web root. The lack of traditional versioning due to the product's rolling release model means all installations prior to the patch commit are affected. A public exploit has been released, significantly increasing the risk of widespread exploitation. Defenders must prioritize applying patch \u003ccode\u003e2a9497ff11f36e573ad99e1c357ff0e6ded49745\u003c/code\u003e to mitigate this severe risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated remote attacker identifies an internet-facing instance of kirilkirkov Ecommerce-CodeIgniter-Bootstrap.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request targeting the vulnerable \u003ccode\u003eapplication/modules/vendor/controllers/AddProduct.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe request includes a specially crafted \u003ccode\u003efolder\u003c/code\u003e argument containing directory traversal sequences, such as \u003ccode\u003e../../../../\u003c/code\u003e or its URL-encoded variants.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eAddProduct.php\u003c/code\u003e component processes the \u003ccode\u003efolder\u003c/code\u003e argument without proper sanitization or validation of the input path.\u003c/li\u003e\n\u003cli\u003eThe application attempts to access, create, or modify a file at a location outside its intended directory, dictated by the attacker's manipulated \u003ccode\u003efolder\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully gains unauthorized access to sensitive system files (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e, configuration files), or writes malicious content like web shells to accessible directories.\u003c/li\u003e\n\u003cli\u003eIf a web shell is successfully deployed, the attacker can achieve remote code execution and further compromise the underlying server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-14635 can lead to severe consequences, including unauthorized access to sensitive system files, configuration files, and potentially user data. Attackers could also write malicious web shells to the server, leading to full remote code execution and complete system compromise. The availability of a public exploit significantly increases the likelihood of opportunistic attacks targeting vulnerable instances. Organizations failing to patch face data breaches, system defacement, or complete loss of control over their web application and underlying server infrastructure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-14635 immediately by applying commit \u003ccode\u003e2a9497ff11f36e573ad99e1c357ff0e6ded49745\u003c/code\u003e to your kirilkirkov Ecommerce-CodeIgniter-Bootstrap installation.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided in this brief to your web server logs (category: webserver) to detect exploitation attempts.\u003c/li\u003e\n\u003cli\u003eEnsure comprehensive web server access logging is enabled to capture full HTTP request details, including URI path and query strings, for improved detection and forensic analysis.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-04T17:19:17Z","date_published":"2026-07-04T17:19:17Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14635-path-traversal/","summary":"A high-severity path traversal vulnerability (CVE-2026-14635) has been identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions up to commit 222ff31c066, allowing remote attackers to access or modify arbitrary files by manipulating the 'folder' argument in the Vendor Multi-Image Endpoint, with a public exploit available.","title":"CVE-2026-14635: Path Traversal in kirilkirkov Ecommerce-CodeIgniter-Bootstrap","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14635-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed - Kirilkirkov","version":"https://jsonfeed.org/version/1.1"}