CNNVD-202510-2315 Information

CNNVD ID

CNNVD-202510-2315

Related CVE

CVE-2025-61923

• CNNVD Published: 2025-10-16

Description (Chinese)

PrestaShop Checkout是PrestaShopCorp开源的一个结账支付模块。 PrestaShop Checkout 4.4.1之前版本和5.0.5之前版本存在路径遍历漏洞，该漏洞源于后台缺少输入验证，可能导致目录遍历和任意文件泄露。

Description (English)

PrestaShop Checkout is a closing payment module for PrestaShopCorp. PrestaShop Checkout 4.4.1 has a loophole in the path before and before 5.4.5, which stems from a lack of input validation in the back-office, which may lead to the cataloguing of the directory and the disclosure of any file.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

PrestaShopCorp

Published

2025-10-16

Last Modified

2026-02-24

References

https://github.com/PrestaShopCorp/ps_checkout/security/advisories/GHSA-fpxp-pfqm-x54w https://access.redhat.com/security/cve/cve-2025-61923

Patch

https://github.com/PrestaShopCorp/ps_checkout/releases