PatchSiren

kirilkirkov CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH kirilkirkov CVE published 2026-07-04

CVE-2026-14637

CVE-2026-14637 is a deserialization vulnerability in the getCartItems function of the ShoppingCart.php library in kirilkirkov Ecommerce-CodeIgniter-Bootstrap. The vulnerability allows remote attackers to execute arbitrary code. The affected product uses continuous delivery with rolling releases, making it difficult to determine the exact version details of affected or updated releases. A patch has been ma [truncated]

MEDIUM kirilkirkov CVE published 2026-07-04

CVE-2026-14635

A path traversal vulnerability has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. The issue affects the Vendor Multi-Image Endpoint in the file application/modules/vendor/controllers/AddProduct.php. Specifically, the argument folder is vulnerable to manipulation, allowing for path traversal attacks. The vulnerability can be exploited remotely [truncated]