MEDIUM 5.3
GHSA-67v7-3g49-mxh2
PrestaShop affected by time based enumeration in FO login form
상세
### Impact A time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times.
### Patches 8.2.4 and 9.0.3
### Workarounds none
### References Found by Lam Yiu Tung
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
Packagist / prestashop/prestashop
최초 영향 버전:
9.0.0-alpha.1 수정 버전: 9.0.3 수정
composer require prestashop/prestashop:^9.0.3 Packagist / prestashop/prestashop
최초 영향 버전:
0 수정 버전: 8.2.4 수정
composer require prestashop/prestashop:^8.2.4 참고
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-67v7-3g49-mxh2 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-25597 [ADVISORY]
- https://github.com/PrestaShop/PrestaShop [PACKAGE]
- https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.4 [WEB]
- https://github.com/PrestaShop/PrestaShop/releases/tag/9.0.3 [WEB]