No Patch, Full Exploit: CVSS 9.9 RCE & IDOR Flaws in InnoShop eCommerce Platform

June 23, 2025

No Patch, Full Exploit: CVSS 9.9 RCE & IDOR Flaws in InnoShop eCommerce Platform

Security researcher TheHiker disclosured three serious vulnerabilities in InnoShop, an open-source eCommerce system built on Laravel 12.
These issues—ranging from insecure direct object references (ID …

Published Date:
Jun 24, 2025 (58 minutes ago)

Vulnerabilities has been mentioned in this article.

Source: Read More

Previous ArticleFrom Bypass to Root: Mandiant Red Team Exploits CVE-2025-2171 and CVE-2025-2172 in Aviatrix Cloud Controller

Next Article CVE-2025-5777 – Critical Citrix NetScaler Vulnerability

Highlights

CVE-2025-4102 – Beaver Builder Plugin for WordPress Arbitrary File Upload Vulnerability

June 20, 2025

CVE ID : CVE-2025-4102

Published : June 20, 2025, 12:15 p.m. | 2 hours, 28 minutes ago

Description : The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘save_enabled_icons’ function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. The vulnerability was partially patched in version 2.9.1.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

No Patch, Full Exploit: CVSS 9.9 RCE & IDOR Flaws in InnoShop eCommerce Platform

No Patch, Full Exploit: CVSS 9.9 RCE & IDOR Flaws in InnoShop eCommerce Platform

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

How Yelp’s latest AI updates better connect restaurant owners and diners

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

‘7 Days to Die’ meets ‘Animal Crossing’: This wholesome survival game for Xbox and PC has some interesting inspiration

NVIDIA Container Toolkit Vulnerability Allows Elevated Arbitrary Code Execution

CVE-2025-4102 – Beaver Builder Plugin for WordPress Arbitrary File Upload Vulnerability

10 Best DevOps Automation Tools in 2025

Meta AI can summarize your unread WhatsApp messages now – how to try it

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

No Patch, Full Exploit: CVSS 9.9 RCE & IDOR Flaws in InnoShop eCommerce Platform

No Patch, Full Exploit: CVSS 9.9 RCE & IDOR Flaws in InnoShop eCommerce Platform

Related Posts