Security: kirilkirkov/Ecommerce-CodeIgniter-Bootstrap
No security policy detected
This project has not set up a SECURITY.md file yet.
Admin Orders Page Stored Malicious URL Injection via Referrer Header
GHSA-x9pg-hvpj-9q44 published May 20, 2026 by kirilkirkov (Moderate)

Subscribed Emails Admin Page Stored XSS via User-Agent Header
GHSA-v69c-5xg5-q7r8 published May 20, 2026 by kirilkirkov (High)

Vendor Image Manager Arbitrary Image File Upload via Path Traversal
GHSA-q3g4-wpv3-v23v published May 20, 2026 by kirilkirkov (Moderate)

PayPal Order Status Forgery via Untrusted Client-Side Cookie
GHSA-qwfx-p5xq-5g4g published May 20, 2026 by kirilkirkov (Critical)

Unsafe Deserialization in Shopping Cart Cookie Handling
GHSA-9g5q-g6m3-v5cr published May 20, 2026 by kirilkirkov (High)

Hidden API Unauthenticated Product Creation Leading to Stored XSS
GHSA-8q62-q8qx-j49g published May 20, 2026 by kirilkirkov (Moderate)

Unauthenticated Product Creation via Exposed API Endpoint (/api/product/set) Allows Arbitrary Catalog Injection
GHSA-8v48-3pmp-jgq7 published May 20, 2026 by kirilkirkov (Moderate)

Vendor "Remember Me" Cookie Uses Plain Email Address as Authentication Token, Allowing Unauthenticated Account Takeover
GHSA-2xwh-fqc6-crrp published May 20, 2026 by kirilkirkov (Critical)

Path Traversal in Vendor Multi-Image Endpoints Allows Directory Creation, File Upload, and File Deletion Outside Intended Shop Images Directory
GHSA-6whv-r5hm-vcjr published May 20, 2026 by kirilkirkov (Critical)

Learn more about advisories related to kirilkirkov/Ecommerce-CodeIgniter-Bootstrap in the GitHub Advisory Database