CNNVD-202512-195 Information

CNNVD ID

CNNVD-202512-195

Related CVE

CVE-2025-65844

• CNNVD Published: 2025-12-02

Description (Chinese)

EverShop是EverShop开源的一个 NodeJS 电商平台。 EverShop 2.0.1版本存在安全漏洞，该漏洞源于未经身份验证的用户可在/api/images端点上传文件和创建目录。

Description (English)

EverShop is a NodeJSS electrician platform that is open to EverShop. There is a security loophole in version EverShop 2.0, which originates from the uploading of documents and the creation of directories at the/api/images endpoint by uncertified users.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

EverShop

Published

2025-12-02

Last Modified

2026-02-24

References

https://github.com/evershopcommerce/evershop/issues/819 https://access.redhat.com/security/cve/cve-2025-65844