CNNVD-202602-2196 Information

CNNVD ID

CNNVD-202602-2196

Related CVE

CVE-2025-69633

• CNNVD Published: 2026-02-13

Description (Chinese)

PrestaShop是美国PrestaShop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 PrestaShop module advancedpopupcreator 1.1.26至1.2.6版本存在安全漏洞，该漏洞源于对fromController参数清理不足，可能导致远程未经验证攻击者执行任意SQL查询。

Description (English)

PrestaShop is an open-source e-commerce solution for PrestaShop in the United States. The programme provides multiple payment modes, SMS alerts and commodity photo scaling. There is a security loophole in PrestaShop Modeule advancedpopupcréator 1.1.26 to 1.2.6, which stems from the inadequate clean-up of fromController parameters, which may lead to arbitrary SQL inquiries by remote unverified assailants.

Vulnerability Type

其他

Affected Vendor

PrestaShop

Published

2026-02-13

Last Modified

2026-02-24

References

https://addons.prestashop.com/en/pop-up-gamification/23773-popup-on-entry-exit-popup-and-newsletter.html https://labs.esokia.com/cve/cve-2025-69633/

Patch

https://addons.prestashop.com/en/pop-up-gamification/23773-popup-on-entry-exit-popup-and-newsletter.html