{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/innoshop--0.7.8/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7630"}],"_cs_exploited":true,"_cs_products":["InnoShop (\u003c= 0.7.8)"],"_cs_severities":["high"],"_cs_tags":["cve","authentication bypass","web application"],"_cs_type":"threat","_cs_vendors":["innocommerce"],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-7630, affects innocommerce InnoShop versions up to 0.7.8. The vulnerability resides in the \u003ccode\u003eInstallServiceProvider::boot\u003c/code\u003e function within the \u003ccode\u003einnopacks/install/src/InstallServiceProvider.php\u003c/code\u003e file, which governs the installation endpoint. Successful exploitation allows remote attackers to bypass authentication mechanisms, potentially leading to complete system compromise. Publicly available exploits exist, increasing the risk of active exploitation. It is crucial for administrators to apply the provided patch (identifier: \u003ccode\u003e45758e4ec22451ab944ae2ae826b1e70f6450dc9\u003c/code\u003e) immediately.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies an InnoShop instance running a vulnerable version (\u0026lt;= 0.7.8).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the installation endpoint (\u003ccode\u003einnopacks/install/src/InstallServiceProvider.php\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe request exploits the improper authentication in the \u003ccode\u003eInstallServiceProvider::boot\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eAuthentication checks are bypassed due to the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to the installation process.\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious code or configurations during the installation phase.\u003c/li\u003e\n\u003cli\u003eThe injected code executes with elevated privileges, granting the attacker control over the InnoShop instance.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes a persistent backdoor for future access and potential data exfiltration or further malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7630 allows unauthenticated remote attackers to compromise InnoShop installations. This can lead to complete control of the web server, potentially affecting sensitive customer data, financial information, and intellectual property.  Given the ease of exploitation and publicly available exploits, unpatched InnoShop instances are at high risk of compromise.  The number of affected installations is currently unknown, but the widespread use of InnoShop in e-commerce makes this a significant threat.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately apply the patch identified by \u003ccode\u003e45758e4ec22451ab944ae2ae826b1e70f6450dc9\u003c/code\u003e to remediate the improper authentication vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect InnoShop Installation Endpoint Access\u0026rdquo; to identify unauthorized access attempts to the installation endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity targeting the \u003ccode\u003einnopacks/install/src/InstallServiceProvider.php\u003c/code\u003e path, based on \u0026ldquo;Detect InnoShop Installation Endpoint Access\u0026rdquo; to identify post-exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-02T14:16:18Z","date_published":"2026-05-02T14:16:18Z","id":"/briefs/2026-05-innoshop-auth-bypass/","summary":"InnoShop version 0.7.8 and earlier contains an improper authentication vulnerability in the InstallServiceProvider::boot function (CVE-2026-7630) that allows remote attackers to bypass authentication and gain unauthorized access to the installation endpoint.","title":"InnoShop Improper Authentication Vulnerability (CVE-2026-7630)","url":"https://feed.craftedsignal.io/briefs/2026-05-innoshop-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — InnoShop (\u003c= 0.7.8)","version":"https://jsonfeed.org/version/1.1"}