CVE-2025-12919 | EverShop up to 2.0.1 Order Order.resolvers.js uuid resource injection

A vulnerability was found in EverShop up to 2.0.1. It has been declared as problematic. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers.

This vulnerability was named CVE-2025-12919. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-12919 | EverShop up to 2.0.1 Order Order.resolvers.js uuid resource injection

Post correlati

CVE-2025-1107 | Impronta Janto 4.3r10.cks/4.3r11 /public/cgi/Gateway.php unverified password change

CVE-2024-35172 | ShortPixel Adaptive Images Plugin up to 3.8.3 on WordPress server-side request forgery

CVE-2025-23338 | NVIDIA CUDA Toolkit ELF File array index

CVE-2024-4066 | Tenda AC8 16.03.34.09 /goform/AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based overflow