CVE-2024-31822

Published: Apr 29, 2024Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component.

Affected (1)

Products: Ecommerce Codeigniter Bootstrap Project: Ecommerce Codeigniter Bootstrap

Ecommerce Codeigniter Bootstrap Project

1 product

Ecommerce Codeigniter Bootstrap

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ecommerce Codeigniter Bootstrap Project Ecommerce Codeigniter Bootstrap	Before 2024-01-02

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

https://gist.github.com/LioTree/f83e25b2c5e144c0b3ad8919e6483c7a

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d22b54e8915f167a135046ceb857caaf8479c4da

Source: cve@mitre.org

Patch

https://liotree.github.io/2023/Ecommerce-CodeIgniter-Bootstrap.html

Source: cve@mitre.org

Broken Link

https://gist.github.com/LioTree/f83e25b2c5e144c0b3ad8919e6483c7a

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d22b54e8915f167a135046ceb857caaf8479c4da

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://liotree.github.io/2023/Ecommerce-CodeIgniter-Bootstrap.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.