EverShop Second-Order SQL Injection Vulnerability in URL Rewrite Processing

Vulnerability

A second-order SQL injection vulnerability has been identified in EverShop, a TypeScript-first eCommerce platform, in versions prior to 2.1.1. The issue arises during the handling of category update and deletion events, where the application builds SQL statements by string concatenation from request path values that are derived from the url_key stored in the database. The resulting statements are then executed, so any SQL syntax contained in the stored value becomes part of the query. Because the url_key is written to the database first and only later read back into a query, a manipulated url_key on a category is processed when that category's update or deletion event fires, leading to the execution of the injected SQL code.
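The concatenation pattern described above, next to a parameterized form, as an added example that is not EverShop's own code. The table name `url_rewrite`, the column `request_path`, the `$1` placeholder style, the slug policy and the sample category row are assumptions made for illustration.

```typescript
// Added example, not EverShop source. Table and column names are hypothetical.
type Query = { text: string; values: string[] };

// Constructed category row as read back from the database. The url_key was
// accepted earlier as plain data; the apostrophe is what matters here.
const storedCategory = { category_id: 7, url_key: "men's-shoes" };

// Pattern the advisory describes: the request path derived from the stored
// url_key is concatenated into the statement text.
function buildDeleteConcat(urlKey: string): Query {
  const requestPath = "/" + urlKey;
  return {
    text: "DELETE FROM url_rewrite WHERE request_path = '" + requestPath + "'",
    values: [],
  };
}

// Hardened form: the statement text is constant and the path travels as a
// bound parameter ($1 is the PostgreSQL-style placeholder, an assumption).
function buildDeleteParam(urlKey: string): Query {
  return {
    text: "DELETE FROM url_rewrite WHERE request_path = $1",
    values: ["/" + urlKey],
  };
}

// Defence in depth at write time: a slug allowlist (assumed policy). It does
// not replace binding, because rows stored before the check still exist.
function isValidUrlKey(urlKey: string): boolean {
  return /^[a-z0-9]+(?:-[a-z0-9]+)*$/.test(urlKey);
}

// True when every single quote in the SQL text is paired, i.e. stored data
// did not open or close a string literal on its own.
function quotesBalanced(sql: string): boolean {
  return (sql.match(/'/g) || []).length % 2 === 0;
}

const concat = buildDeleteConcat(storedCategory.url_key);
const bound = buildDeleteParam(storedCategory.url_key);
```

With the concatenated form, a single apostrophe in the stored url_key already changes the structure of the statement; with the bound form, the statement text is identical for every category and the stored value only ever appears in `values`.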

Impact

Exploitation of this vulnerability allows for second-order SQL injection, where malicious SQL code is injected through manipulated url_key values and executed in the context of the application's database operations.

Remediation

Users can upgrade to EverShop version 2.1.1 or later to address this vulnerability.

Added: Feb 10, 2026, 6:19 PM
Updated: Feb 10, 2026, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 3.1
exploitability: 5.2
remediation: 7.7
relevance: 2.9
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.