Vulnerabilities in InnoShop

3 results

CVE-2025-52921CRITICALIn Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution oEPSS 0.5%CVE-2025-52922HIGHInnoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel coEPSS 0.5%CVE-2025-52920MEDIUMInnoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a custoEPSS 0.3%