PT-2026-8039 · Prestashop · Advanced Popup Creator
Published: 2026-02-13 · Updated: 2026-02-14 · CVE-2025-69633
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PrestaShop Advanced Popup Creator module versions 1.1.26 through 1.2.6
Description
A SQL injection vulnerability exists in the Advanced Popup Creator module for PrestaShop. Unsanitized data is passed to SQL queries in the getPopups() and updateVisits() functions in the classes/AdvancedPopup.php file; specifically, the fromController parameter is vulnerable. Attackers can remotely execute arbitrary SQL queries.
Recommendations
Update to version 1.2.7 or later.
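
To triage installations against the affected range above, the following added example (not part of the original advisory or of the module's code) reads a module's config.xml and classifies its version numerically rather than as a string. The sample XML and its module name are constructed, and it assumes the installed version is declared in the <version> element of config.xml.

```python
import re
import xml.etree.ElementTree as ET

# Version bounds taken from the advisory text.
FIRST_AFFECTED = (1, 1, 26)
LAST_AFFECTED = (1, 2, 6)
FIXED = (1, 2, 7)


def parse_version(text):
    """Turn '1.2.6' into (1, 2, 6); raise ValueError on anything else."""
    text = (text or "").strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    # Pad short versions so that '1.2' compares as 1.2.0.
    return parts + (0,) * (3 - len(parts))


def version_from_config_xml(xml_text):
    """Read the <version> element of a module config.xml document."""
    root = ET.fromstring(xml_text)
    node = root.find("version")
    if node is None:
        raise ValueError("config.xml has no <version> element")
    return parse_version(node.text)


def classify(version):
    """Map a version tuple onto the ranges the advisory states."""
    if FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "affected"
    if version >= FIXED:
        return "fixed"
    return "not-listed"  # outside every range the advisory states


# Constructed sample, shaped like a PrestaShop module config.xml.
SAMPLE_CONFIG = """<module>
    <name>example_module</name>
    <version><![CDATA[1.1.30]]></version>
</module>"""

if __name__ == "__main__":
    v = version_from_config_xml(SAMPLE_CONFIG)
    print(".".join(map(str, v)), classify(v))
```

A plain string comparison would misplace versions such as 1.2.10 (fixed) and 1.1.3 (below the listed range), which is why the versions are compared as integer tuples.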
Fix
SQL injection
Affected Products
Advanced Popup Creator