SecuriTricks - CVE-2025-52921

Description

In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming it to have a .php extension by using the Rename Function. This bypasses the initial check that uploaded files are image files. The application relies on frontend checks to restrict the administrator from changing the extension of uploaded files to .php. This restriction is easily bypassed with any proxy tool (e.g., BurpSuite). Once the attacker renames the file, and gives it the .php extension, a GET request can be used to trigger the execution of code on the server.

Product(s) Impacted

Vendor	Product	Versions
Innoshop	Innoshop	0.4.1

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-420

Unprotected Alternate Channel

The product protects a primary channel, but it does not use the same level of protection for an alternate channel.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	innoshop	innoshop	0.4.1	/	/	/	/	/	/	/

References

https://github.com/innocommerce/innoshop

https://medium.com/@The_Hiker/how-i-found-multiple-cves-in-innoshop-0-4-1-12c8f84ad87f

CVSS Score

9.9 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

View Vector String

Timeline

Published: June 23, 2025, 12:15 p.m.
Last Modified: June 23, 2025, 8:16 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

CVE-2025-52921