PT-2026-39555 · Packagist · Prestashop Checkout

Published

2026-04-30

·

Updated

2026-04-30

CVSS v4.0

2.7

Low

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

Impact

Unvalidated parameter can lead to some unauthorized method invocation with very little possibilities.

Patches

The problem has been patched in versions
  • v5.3.0 for PrestaShop 1.7 (build number: 7.5.3.0)
  • v5.3.0 for PrestaShop 8 (build number: 8.5.3.0)
  • v5.3.0 for PrestaShop 9 (build number: 9.5.3.0)
Read the [Versioning policy](https://github.com/PrestaShopCorp/ps checkout/wiki/Versioning) to learn more about the build numbers.

Credits

PrestaShop thanks PATICEO for reporting the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

GHSA-MQQ7-WXX5-MP8H

Affected Products

Prestashop Checkout