CVE-2025-12919 | EverShop up to 2.0.1 Order Order.resolvers.js uuid resource injection
A vulnerability was found in EverShop up to 2.0.1. It has been declared as problematic. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers.
This vulnerability was named CVE-2025-12919. The attack may be performed remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.