Lucene search
K

4 matches found

OSV
OSV
added 2025/10/16 8:0 p.m.4 views

GHSA-WVPG-4WRH-5889 PrestaShop Checkout Target PayPal merchant account hijacking from backoffice

Impact Wrong usage of the PHP arraysearch allows bypass of validation. Patches The problem has been patched in versions: - v4.4.1 for PrestaShop 1.7 build number: 7.4.4.1 - v4.4.1 for PrestaShop 8 build number: 8.4.4.1 - v5.0.5 for PrestaShop 1.7 build number: 7.5.0.5 - v5.0.5 for PrestaShop 8...

3.8CVSS6.9AI score0.00246EPSS
Exploits0References3
CVE
CVE
added 2025/10/16 5:33 p.m.12 views

CVE-2025-61924

CVE-2025-61924 affects PrestaShop Checkout (ps_checkout) in editions prior to 4.4.1 and 5.0.5. The root cause is incorrect use of PHP array_search() in backoffice logic, enabling potential Target PayPal merchant account hijacking. Mitigation: upgrade to 4.4.1 for PrestaShop 1.7/8 (and 5.0.5 for P...

3.8CVSS6.4AI score0.00246EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/10/16 5:33 p.m.6 views

CVE-2025-61924 PrestaShop Checkout Target PayPal merchant account hijacking from backoffice

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wrong usage of the PHP arraysearch. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known...

3.8CVSS6.8AI score0.00246EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/16 12:0 a.m.4 views

PT-2025-42516

Name of the Vulnerable Software and Affected Versions PrestaShop Checkout versions prior to 4.4.1 and 5.0.5 Description A flaw exists in the PrestaShop Checkout module due to incorrect use of the PHP array search function. This improper usage allows bypassing validation, potentially leading to th...

3.8CVSS6.7AI score0.00246EPSS
Exploits0References8
Rows per page
Query Builder