QwikSec

Security Database

CVE

CWE

Training

CVE-2026-7630

Published: May 2, 2026

Modified: May 4, 2026

PUBLISHED

CVSS v3.1

7.3

HIGH

Description

A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of the component Installation Endpoint. The manipulation leads to improper authentication. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The identifier of the patch is 45758e4ec22451ab944ae2ae826b1e70f6450dc9. It is recommended to apply a patch to fix this issue.

Vendor	Product	Versions
innocommerce	InnoShop	affected `0.6.*` affected `0.7.0` affected `0.7.1` affected `0.7.2` affected `0.7.3` +1 more versions

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

VDB-360576 | innocommerce InnoShop Installation Endpoint InstallServiceProvider.php boot improper authentication

vdb-entry

technical-description

VDB-360576 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #806484 | innocommerce innoshop <= 0.7.3 Missing Authorization

third-party-advisory

https://github.com/innocommerce/innoshop/issues/314

exploit

issue-tracking

https://github.com/innocommerce/innoshop/issues/314#issuecomment-4357464458

issue-tracking

https://github.com/innocommerce/innoshop/commit/45758e4ec22451ab944ae2ae826b1e70f6450dc9

patch

https://github.com/innocommerce/innoshop/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.