File Manager Vulnerability in Innoshop Affecting Admin Panel
CVE-2025-52921
What is CVE-2025-52921?
In Innoshop through 0.4.1, the file management functionality of the admin panel contains a security flaw. An authenticated attacker can upload a malicious file and then rename it to a .php extension. The restriction on file type changes is a frontend check, so a rename request sent through a proxy tool such as BurpSuite bypasses it. Once the crafted file is renamed, it can be executed on the server via a simple GET request, leading to potential server compromise.
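
The missing control is a server-side check on the rename target. The following is an added example, not InnoShop's code or its patch: `isSafeRenameTarget` and the allowlist are hypothetical names and values chosen for illustration.

```php
<?php
declare(strict_types=1);

// Assumed allowlist for this example; set it to the types the shop really needs.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'webp', 'pdf'];

// Hypothetical helper: returns true only if $newName is a safe rename target.
function isSafeRenameTarget(string $newName): bool
{
    // No empty names, path separators, control characters or NUL bytes.
    if ($newName === '' || preg_match('#[\x00-\x1f/\\\\]#', $newName) === 1) {
        return false;
    }
    // Some filesystems strip trailing dots/spaces, turning "x.php." into "x.php".
    if ($newName !== rtrim($newName, '. ')) {
        return false;
    }
    $segments = explode('.', strtolower($newName));
    $base = array_shift($segments);
    if ($base === '' || $segments === []) {
        return false; // dotfile such as ".htaccess", or no extension at all
    }
    // Reject script extensions in any position ("x.php.jpg"), since some
    // handler configurations match them anywhere in the name.
    foreach ($segments as $segment) {
        if (preg_match('/^(php\d*|phtml|pht|phar)$/', $segment) === 1) {
            return false;
        }
    }
    // The final extension must be on the allowlist.
    return in_array(end($segments), ALLOWED_EXTENSIONS, true);
}

// Constructed sample names, not taken from the advisory.
$samples = ['banner.png', 'banner.php', 'banner.PHP', 'banner.php.jpg',
            'banner.jpg.php', 'banner.php.', '../banner.png', '.htaccess', 'report.v2.pdf'];
foreach ($samples as $name) {
    printf("%-16s %s\n", $name, isSafeRenameTarget($name) ? 'allow' : 'reject');
}
```

Only `banner.png` and `report.v2.pdf` are allowed. The check belongs in the rename handler itself, alongside a web server configuration that does not execute scripts from the upload directory.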

Affected Version(s)
InnoShop 0 <= 0.4.1
