Vulnerability Description
A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of the component Installation Endpoint. The manipulation leads to improper authentication. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The identifier of the patch is 45758e4ec22451ab944ae2ae826b1e70f6450dc9. It is recommended to apply a patch to fix this issue.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/innocommerce/innoshop/
- https://github.com/innocommerce/innoshop/commit/45758e4ec22451ab944ae2ae826b1e70
- https://github.com/innocommerce/innoshop/issues/314
- https://github.com/innocommerce/innoshop/issues/314#issuecomment-4357464458
- https://vuldb.com/submit/806484
- https://vuldb.com/vuln/360576
- https://vuldb.com/vuln/360576/cti
FAQ
What is CVE-2026-7630?
CVE-2026-7630 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of t...
How severe is CVE-2026-7630?
CVE-2026-7630 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-7630?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.