VDB
KO
MEDIUM 4.2

GHSA-8xx5-h6m3-jr33

Presta Shop vulnerable to email enumeration

Details

### Impact An unauthenticated attacker with access to the back-office URL can manipulate the id_employee and reset_token parameters to enumerate valid back-office employee email addresses.

Impacted parties: Store administrators and employees: their email addresses are exposed. Merchants: risk of phishing, social engineering, and brute-force attacks targeting admin accounts.

### Patches PrestaShop 8.2.3

### Workarounds You must upgrade, or at least apply the changes from the PrestaShop 8.2.3 patch. More information: https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release/

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist / prestashop/prestashop
Introduced in: 0 Fixed in: 8.2.3
Fix composer require prestashop/prestashop:^8.2.3

References