CVE-2025-52921 · CRITICAL 9.9 · EPSS p36.9%

CVE-2025-52921

Description

In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server by uploading a crafted file and then renaming it to a .php extension with the Rename function. This bypasses the initial check that uploaded files are image files. The application relies on frontend checks to prevent the administrator from changing the extension of uploaded files to .php, and that restriction is easily bypassed with any proxy tool (e.g., Burp Suite). Once the attacker has renamed the file to a .php extension, a GET request to it triggers execution of the code on the server.

Scoring

CVSS 3.1: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
EPSS: 0.47% probability of exploitation · percentile 36.9% · 2026-06-18T12:00:27Z
Published: 2025-06-23
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-420

References

  1. https://github.com/innocommerce/innoshop
  2. https://medium.com/@The_Hiker/how-i-found-multiple-cves-in-innoshop-0-4-1-12c8f84ad87f


Type     | Target                                  | Confidence | Tier
Weakness | Unprotected Alternate Channel (cwe-420) | 0%         | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-65473
  2. CVE-2025-46001
  3. CVE-2025-65474
  4. CVE-2025-7755
  5. CVE-2025-8256
  6. CVE-2025-10615

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.