CNNVD-202601-825 Information
Jan 05, 2026
cve
CNNVD ID
CNNVD-202601-825
Related CVE
- CNNVD Published: 2026-01-05
Description (Chinese)
EverShop是EverShop开源的一个 NodeJS 电商平台。 EverShop 2.1.0及之前版本存在安全漏洞,该漏洞源于对src查询参数验证不足,可能导致服务端请求伪造攻击。
Description (English)
EverShop is a NodeJSS electrician platform that is open to EverShop. The EverShop 2.1.0 and previous versions had a security loophole, which stemmed from inadequate verification of src search parameters, which could lead to a request by the service side for a false attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
EverShop
Published
2026-01-05
Last Modified
2026-02-24
References
https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2025-67427 https://github.com/evershopcommerce/evershop https://access.redhat.com/security/cve/cve-2025-67427
Share on: