Unknown · Prestashop Checkout · CVE-2025-61922
**Name of the Vulnerable Software and Affected Versions**
PrestaShop Checkout versions 1.3.0 through 4.4.0
PrestaShop Checkout versions 5.0.0 through 5.0.4
**Description**
The PrestaShop Checkout module, used in partnership with PayPal, contains a flaw in the Express Checkout feature. Missing validation allows a silent login, potentially enabling account takeover via email. This issue affects versions starting from 1.3.0. It has been reported as a zero-click account takeover vulnerability: attackers can bypass authentication entirely and gain unauthorized access to customer accounts.
**Recommendations**
Update to PrestaShop Checkout version 4.4.1 for PrestaShop 1.7 (build number 7.4.4.1).
Update to PrestaShop Checkout version 4.4.1 for PrestaShop 8 (build number 8.4.4.1).
Update to PrestaShop Checkout version 5.0.5 for PrestaShop 1.7 (build number 7.5.0.5).
Update to PrestaShop Checkout version 5.0.5 for PrestaShop 8 (build number 8.5.0.5).
Update to PrestaShop Checkout version 5.0.5 for PrestaShop 9 (build number 9.5.0.5).
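A version check built from the affected ranges and fixed build numbers above, added here as an example; it is not part of the advisory or of PrestaShop's code. It assumes a four-part build number is the PrestaShop branch digit (7 for 1.7, 8, 9) followed by the module version, as the recommendations list suggests, and the sample inventory is constructed.

```python
import re

# Inclusive affected module-version ranges, as listed in the advisory.
AFFECTED = [((1, 3, 0), (4, 4, 0)), ((5, 0, 0), (5, 0, 4))]
# Fixed build numbers from the Recommendations list.
FIXED_BUILDS = ["7.4.4.1", "8.4.4.1", "7.5.0.5", "8.5.0.5", "9.5.0.5"]
# Assumption: leading digit of a build number is the PrestaShop branch.
BRANCHES = {7: "1.7", 8: "8", 9: "9"}


def parse(version):
    """Split 'X.Y.Z' or build number 'B.X.Y.Z' into (branch, (X, Y, Z))."""
    version = version.strip()
    if not re.fullmatch(r"\d+(\.\d+){2,3}", version):
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in version.split("."))
    if len(parts) == 3:
        return None, parts
    if parts[0] not in BRANCHES:
        raise ValueError(f"unknown PrestaShop branch in build: {version!r}")
    return parts[0], parts[1:]


def assess(version):
    """Report whether a version is in an affected range and which fixed
    builds are an upgrade for it (same branch, higher module version)."""
    branch, module = parse(version)
    if not any(lo <= module <= hi for lo, hi in AFFECTED):
        return {"affected": False, "upgrade_to": []}
    targets = []
    for build in FIXED_BUILDS:
        fixed_branch, fixed_module = parse(build)
        if branch in (None, fixed_branch) and fixed_module > module:
            targets.append(build)
    return {"affected": True, "upgrade_to": targets}


if __name__ == "__main__":
    # Constructed inventory of installed versions, for illustration only.
    for installed in ["7.3.2.0", "8.5.0.4", "4.4.0", "9.5.0.5", "7.4.4.1"]:
        result = assess(installed)
        status = "AFFECTED" if result["affected"] else "ok"
        print(f"{installed:10} {status:9} {', '.join(result['upgrade_to'])}")
```

A plain three-part module version carries no branch, so every fixed build with a higher module version is returned and the operator picks the one matching the shop's PrestaShop release.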