3 matches found
CVE-2025-52922
creationtimestamp| type| source ---|---|--- 2025-06-23 12:47:49+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19196...
CVE-2025-52922
Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: 1 fully map the filesystem structure via the /api/filemanager/files?basefolder= endpoint, 2 create arbitrary directories on the server via...
CVE-2025-52922
CVE-2025-52922 affects Innoshop up to 0.4.1, where a directory-traversal flaw in the FileManager API endpoints allows an authenticated admin to map the filesystem, create directories, read files, delete files, and create files by moving them. Affected endpoints include /api/file_manager/files?bas...