CNNVD-202602-1474 Information

CNNVD ID

CNNVD-202602-1474

CVE-2026-25993

  • CNNVD Published: 2026-02-10

Description

EverShop is an open-source NodeJS e-commerce platform developed by EverShop. Versions of EverShop before 2.1.1 contain a SQL injection vulnerability: when handling category update and delete events, the url_key value is embedded into SQL statements through string concatenation, which can lead to a second-order SQL injection attack.

Vulnerability Type

SQL injection

Affected Vendor

EverShop

Published

2026-02-10

Last Modified

2026-02-24

References

  • https://github.com/evershopcommerce/evershop/security/advisories/GHSA-3h84-9rhc-j2ch
  • http://github.com/evershopcommerce/evershop/commit/5c5bdf2c1ad5d16ae68e9e48b494563953b6d1cd
  • https://access.redhat.com/security/cve/cve-2026-25993

Patch

https://evershop.io/
