CNNVD-202510-2318 Information
Oct 16, 2025
cve
CNNVD ID
CNNVD-202510-2318
Related CVE
- CNNVD Published: 2025-10-16
Description (Chinese)
PrestaShop Checkout是PrestaShopCorp开源的一个结账支付模块。 PrestaShop Checkout 4.4.1之前版本和5.0.5之前版本存在授权问题漏洞,该漏洞源于Express Checkout功能缺少验证,可能导致通过电子邮件进行账户接管。
Description (English)
PrestaShop Checkout is a closing payment module for PrestaShopCorp. PrestaShop Checkout 4.4.1 and 5.5 had a mandate gap, which stemmed from the lack of validation of Express Checkout ’ s functionality and could lead to account takeovers by e-mail.
Hazard Level
High
Vulnerability Type
授权问题
Affected Vendor
PrestaShopCorp
Published
2025-10-16
Last Modified
2026-02-24
References
https://github.com/PrestaShopCorp/ps_checkout/security/advisories/GHSA-54hq-mf6h-48xh
Patch
https://github.com/PrestaShopCorp/ps_checkout/releases
Share on: