CNNVD-202602-951 Information
CNNVD ID
CNNVD-202602-951
Related CVE
- CNNVD Published: 2026-02-06
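Description (translated from Chinese)
PrestaShop is an open-source e-commerce solution from the US company PrestaShop. It offers multiple payment methods, SMS notifications, product image scaling and other features. PrestaShop versions prior to 8.2.4 and prior to 9.0.3 contain a security vulnerability caused by a time-based user enumeration flaw in the user authentication function, which allows an attacker to determine whether a customer account exists in the system by measuring response times.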
Description (English)
PrestaShop is an open-source e-commerce solution from the US company PrestaShop. It provides multiple payment methods, SMS alerts and product image scaling. PrestaShop versions before 8.2.4 and before 9.0.3 contain a security vulnerability that stems from a time-based user enumeration flaw in the user authentication functionality, allowing an attacker to determine whether a customer account exists in the system by measuring the response time.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
PrestaShop
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.4
https://github.com/PrestaShop/PrestaShop/releases/tag/9.0.3
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-67v7-3g49-mxh2
https://access.redhat.com/security/cve/cve-2026-25597
Patch
https://github.com/PrestaShop/PrestaShop/releases