PT-2026-57368 · Prestashop · Ps Facetedsearch
Published
2026-07-10
·
Updated
2026-07-11
·
CVE-2026-54159
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ps facetedsearch versions 3.0.0 through 4.0.3
Description
A PHP Object Injection issue exists in the
ps facetedsearch module. The module rebuilds search filters from the request URL, but the values for slider filters, specifically price or weight, are not sufficiently validated. These values are stored in an internal filter-block cache as serialized data and subsequently processed using the native unserialize() function. An unauthenticated remote attacker can provide a crafted value to inject a malicious serialized PHP object into the cache. Upon deserialization, a gadget chain allows the attacker to write an arbitrary PHP file within the module directory, enabling remote code execution and full server compromise via a webshell.Recommendations
Upgrade the ps facetedsearch module to the patched version.
In the
getFromCache() method within the src/Filters/Block.php file, replace the native unserialize() call with Tools::unSerialize().
Remove price and weight slider filters from filter templates exposed on the front office.
Clear the faceted-search filter cache and audit the modules/ps facetedsearch/ directory for unexpected PHP files.
Monitor search requests for PHP serialization patterns and block them at the WAF level.Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ps Facetedsearch