VDB
EN
MEDIUM 4.2

GHSA-8xx5-h6m3-jr33

Presta Shop vulnerable to email enumeration

상세

### Impact An unauthenticated attacker with access to the back-office URL can manipulate the id_employee and reset_token parameters to enumerate valid back-office employee email addresses.

Impacted parties: Store administrators and employees: their email addresses are exposed. Merchants: risk of phishing, social engineering, and brute-force attacks targeting admin accounts.

### Patches PrestaShop 8.2.3

### Workarounds You must upgrade, or at least apply the changes from the PrestaShop 8.2.3 patch. More information: https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release/

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Packagist / prestashop/prestashop
최초 영향 버전: 0 수정 버전: 8.2.3
수정 composer require prestashop/prestashop:^8.2.3

참고