Description
PrestaShop is affected by time-based user enumeration in the front office (FO) login form
Impact
The user authentication functionality of PrestaShop contains a time-based user enumeration vulnerability. It allows an attacker to determine whether a customer account exists in the system by measuring response times.
Patches
8.2.4 and 9.0.3
Workarounds
none
References
Found by Lam Yiu Tung
Packages
Name: prestashop/prestashop (composer)
Affected versions: >= 9.0.0-alpha.1, < 9.0.3
Fixed version: 9.0.3

Name: prestashop/prestashop (composer)
Affected versions: < 8.2.4
Fixed version: 8.2.4