CNNVD-202511-878 Information
CNNVD ID
CNNVD-202511-878
Related CVE
- CNNVD Published: 2025-11-09
Description (Chinese)
EverShop是EverShop开源的一个 NodeJS 电商平台。 EverShop 2.0.1及之前版本存在安全漏洞,该漏洞源于对文件/src/modules/oms/graphql/types/Order/Order.resolvers.js中参数uuid的资源标识符控制不当,可能导致远程攻击。
Description (English)
EverShop is a NodeJSS electrician platform that is open to EverShop. The EverShop 2.0.1 and previous versions had a security loophole, which stemmed from inadequate control over the resource identifier for uuid, the parameter in document/src/modules/oms/graphql/types/Order/Order.resolvers.js, which could lead to a long-range attack.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
EverShop
Published
2025-11-09
Last Modified
2026-02-24
References
https://vuldb.com/?submit.680788 https://github.com/ictrun/Evershop-Order-leak/blob/main/README.md https://github.com/ictrun/Evershop-Order-leak/blob/main/README.md#attack-steps https://vuldb.com/?id.331639 https://vuldb.com/?ctiid.331639 https://access.redhat.com/security/cve/cve-2025-12919
Share on: