CNNVD-202506-2940 Information

CNNVD ID

CNNVD-202506-2940

Related CVE

CVE-2025-52922

• CNNVD Published: 2025-06-23

Description (Chinese)

InnoShop是InnoShop开源的一个基于 Laravel 11 的开源电子商务系统。 Innoshop 0.4.1及之前版本存在安全漏洞，该漏洞源于FileManager API端点存在目录遍历，可能导致文件系统操作。

Description (English)

InnoShop is an open-source e-commerce system based on Laravel 11. There is a security loophole in Innocent 0.4.1 and previous versions, which stems from the existence of directories at the FileManager API endpoint, which may lead to filesystem operations.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

InnoShop

Published

2025-06-23

Last Modified

2026-02-24

References

https://github.com/innocommerce/innoshop https://medium.com/@The_Hiker/how-i-found-multiple-cves-in-innoshop-0-4-1-12c8f84ad87f https://access.redhat.com/security/cve/cve-2025-52922