CNNVD-202507-3796 Information
CNNVD ID
CNNVD-202507-3796
Related CVE
- CNNVD Published: 2025-07-30
Description (Chinese)
PrestaShop是美国PrestaShop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 PrestaShop v8.2.0版本存在安全漏洞,该漏洞源于_getHeaders函数存在PHAR反序列化问题,可能导致执行任意代码。
Description (English)
PrestaShop is an open-source e-commerce solution for PrestaShop in the United States. The programme provides multiple payment modes, SMS alerts and commodity photo scaling. There is a security loophole in PrestaShop v8.2.0, which arises from the getheads function with PHAR back-sequencing problems, which may lead to the enforcement of any code.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
PrestaShop
Published
2025-07-30
Last Modified
2026-02-24
References
http://prestashop.com https://github.com/PrestaShop/PrestaShop https://github.com/3em0/cve_repo/blob/main/preshop/CVE-2025-25692.md https://access.redhat.com/security/cve/cve-2025-25692
Patch
https://github.com/PrestaShop/PrestaShop/releases
Share on: