CNNVD-202506-2937 Information

CNNVD ID

CNNVD-202506-2937

CVE-2025-52920

  • CNNVD Published: 2025-06-23

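Description (translated from Chinese)

InnoShop is an open-source e-commerce system based on Laravel 11, released as open source by InnoShop. InnoShop 0.4.1 and earlier versions contain a security vulnerability that stems from insecure direct object references in multiple places in the front-end shop, which may lead to the disclosure of other customers' personal information and the deletion of product reviews.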

Description (English)

InnoShop is an open-source e-commerce system based on Laravel 11. InnoShop 0.4.1 and earlier versions contain a security vulnerability caused by insecure direct object references (IDOR) in multiple places in the front-end shop, which may lead to the disclosure of other customers' personal information and the deletion of product reviews.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

InnoShop

Published

2025-06-23

Last Modified

2026-02-24

References

  • https://github.com/innocommerce/innoshop
  • https://medium.com/@The_Hiker/how-i-found-multiple-cves-in-innoshop-0-4-1-12c8f84ad87f
  • https://access.redhat.com/security/cve/cve-2025-52920
