4 matches found
GHSA-WVPG-4WRH-5889 PrestaShop Checkout Target PayPal merchant account hijacking from backoffice
Impact Wrong usage of the PHP arraysearch allows bypass of validation. Patches The problem has been patched in versions: - v4.4.1 for PrestaShop 1.7 build number: 7.4.4.1 - v4.4.1 for PrestaShop 8 build number: 8.4.4.1 - v5.0.5 for PrestaShop 1.7 build number: 7.5.0.5 - v5.0.5 for PrestaShop 8...
CVE-2025-61924
CVE-2025-61924 affects PrestaShop Checkout (ps_checkout) in editions prior to 4.4.1 and 5.0.5. The root cause is incorrect use of PHP array_search() in backoffice logic, enabling potential Target PayPal merchant account hijacking. Mitigation: upgrade to 4.4.1 for PrestaShop 1.7/8 (and 5.0.5 for P...
CVE-2025-61924 PrestaShop Checkout Target PayPal merchant account hijacking from backoffice
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wrong usage of the PHP arraysearch. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known...
PT-2025-42516
Name of the Vulnerable Software and Affected Versions PrestaShop Checkout versions prior to 4.4.1 and 5.0.5 Description A flaw exists in the PrestaShop Checkout module due to incorrect use of the PHP array search function. This improper usage allows bypassing validation, potentially leading to th...