MEDIUM 5.3
GHSA-67v7-3g49-mxh2
PrestaShop affected by time based enumeration in FO login form
Details
### Impact A time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times.
### Patches 8.2.4 and 9.0.3
### Workarounds none
### References Found by Lam Yiu Tung
Are you affected?
Enter the version of the package you're using.
Affected packages
Packagist / prestashop/prestashop
Introduced in:
9.0.0-alpha.1 Fixed in: 9.0.3 Fix
composer require prestashop/prestashop:^9.0.3 Packagist / prestashop/prestashop
Introduced in:
0 Fixed in: 8.2.4 Fix
composer require prestashop/prestashop:^8.2.4 References
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-67v7-3g49-mxh2 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-25597 [ADVISORY]
- https://github.com/PrestaShop/PrestaShop [PACKAGE]
- https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.4 [WEB]
- https://github.com/PrestaShop/PrestaShop/releases/tag/9.0.3 [WEB]