17 matches found
CVE-2026-7630
A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of the component Installation Endpoint. The manipulation leads to improper authentication. Remote...
CVE-2026-7630 innocommerce InnoShop Installation Endpoint InstallServiceProvider.php boot improper authentication
A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of the component Installation Endpoint. The manipulation leads to improper authentication. Remote...
PT-2026-36620
A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of the component Installation Endpoint. The manipulation leads to improper authentication. Remote...
CVE-2025-52921
In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming it to have a .php extension by using the Rename Function. This bypasses the initial check that...
CVE-2025-52921
In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming it to have a .php extension by using the Rename Function. This bypasses the initial check that...
CVE-2025-52920
Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...
CVE-2025-52921
In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming it to have a .php extension by using the Rename Function. This bypasses the initial check that...
PT-2025-26591 · Innoshop · Innoshop
Name of the Vulnerable Software and Affected Versions: Innoshop versions 0.4.1 and earlier. Description: The issue allows for Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. This can be exploited by creating a customer account, allowing an attacker to disclose th...
InnoShop Security Vulnerability
InnoShop is an open source e-commerce system based on Laravel 11 by InnoShop Open Source. A security vulnerability exists in InnoShop 0.4.1 and earlier versions, which stems from the presence of insecure direct object references in multiple locations in the front-end store, which could lead to th...
PT-2025-26592 · Innoshop · Innoshop
Name of the Vulnerable Software and Affected Versions: Innoshop versions 0.4.1 and earlier. Description: The issue allows an authenticated attacker to achieve code execution on the server by exploiting the File Manager functions in the admin panel. This is done by uploading a crafted file and then...
CVE-2024-57277
InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload...
CVE-2024-57277
InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload...
CVE-2024-57277
InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload...
CVE-2024-57277
InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload...
CVE-2024-57277
CVE-2024-57277 affects InnoShop v0.3.8 and earlier, with a Cross-Site Scripting (XSS) vulnerability via SVG file upload. The CVSS v3.1 base score is 5.7 (Medium) with attack vector Network, user interaction Required, privilege level Low, and confidentiality impact High. Root cause details are not...
CVE-2024-57277
InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload...
InnoShop Security Vulnerability
InnoShop is an open source e-commerce system based on Laravel 11 by InnoShop Open Source. A security vulnerability exists in InnoShop V.0.3.8 and earlier versions, which stems from vulnerability to cross-site scripting (XSS) attacks via SVG file upload...