VulnerableCode Package Details - pkg:composer/prestashop/prestashop@8.2.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-cf1h-m5xj-mfc5 Aliases: CVE-2026-25597 GHSA-67v7-3g49-mxh2	PrestaShop affected by time based enumeration in FO login form ### Impact A time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. ### Patches 8.2.4 and 9.0.3 ### Workarounds none ### References Found by Lam Yiu Tung	8.2.4 Affected by 0 other vulnerabilities. 9.0.3 Affected by 0 other vulnerabilities. 9.1.0-beta.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-cf1h-m5xj-mfc5
Aliases:
CVE-2026-25597
GHSA-67v7-3g49-mxh2

PrestaShop affected by time based enumeration in FO login form ### Impact A time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. ### Patches 8.2.4 and 9.0.3 ### Workarounds none ### References Found by Lam Yiu Tung

8.2.4
Affected by 0 other vulnerabilities.

9.0.3
Affected by 0 other vulnerabilities.

9.1.0-beta.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1trs-ajxn-jkhk	Presta Shop vulnerable to email enumeration ### Impact An unauthenticated attacker with access to the back-office URL can manipulate the id_employee and reset_token parameters to enumerate valid back-office employee email addresses. Impacted parties: Store administrators and employees: their email addresses are exposed. Merchants: risk of phishing, social engineering, and brute-force attacks targeting admin accounts. ### Patches PrestaShop 8.2.3 ### Workarounds You must upgrade, or at least apply the changes from the PrestaShop 8.2.3 patch. More information: https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release/	CVE-2025-51586 GHSA-8xx5-h6m3-jr33

Vulnerability

Summary

Aliases

VCID-1trs-ajxn-jkhk

Presta Shop vulnerable to email enumeration ### Impact An unauthenticated attacker with access to the back-office URL can manipulate the id_employee and reset_token parameters to enumerate valid back-office employee email addresses. Impacted parties: Store administrators and employees: their email addresses are exposed. Merchants: risk of phishing, social engineering, and brute-force attacks targeting admin accounts. ### Patches PrestaShop 8.2.3 ### Workarounds You must upgrade, or at least apply the changes from the PrestaShop 8.2.3 patch. More information: https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release/

CVE-2025-51586
GHSA-8xx5-h6m3-jr33

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T00:15:26.263723+00:00	GitLab Importer	Affected by	VCID-cf1h-m5xj-mfc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/prestashop/prestashop/GHSA-67v7-3g49-mxh2.yml	38.4.0
2026-04-17T00:14:52.191689+00:00	GitLab Importer	Affected by	VCID-cf1h-m5xj-mfc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/prestashop/prestashop/CVE-2026-25597.yml	38.4.0
2026-04-16T23:40:07.092035+00:00	GitLab Importer	Fixing	VCID-1trs-ajxn-jkhk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/prestashop/prestashop/CVE-2025-51586.yml	38.4.0
2026-04-12T01:39:29.215891+00:00	GitLab Importer	Affected by	VCID-cf1h-m5xj-mfc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/prestashop/prestashop/GHSA-67v7-3g49-mxh2.yml	38.3.0
2026-04-12T01:38:52.340971+00:00	GitLab Importer	Affected by	VCID-cf1h-m5xj-mfc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/prestashop/prestashop/CVE-2026-25597.yml	38.3.0
2026-04-12T01:00:53.314831+00:00	GitLab Importer	Fixing	VCID-1trs-ajxn-jkhk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/prestashop/prestashop/CVE-2025-51586.yml	38.3.0
2026-04-07T04:58:41.512645+00:00	GHSA Importer	Fixing	VCID-1trs-ajxn-jkhk	https://github.com/advisories/GHSA-8xx5-h6m3-jr33	38.1.0
2026-04-03T01:48:24.483705+00:00	GitLab Importer	Affected by	VCID-cf1h-m5xj-mfc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/prestashop/prestashop/GHSA-67v7-3g49-mxh2.yml	38.1.0
2026-04-03T01:47:49.412013+00:00	GitLab Importer	Affected by	VCID-cf1h-m5xj-mfc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/prestashop/prestashop/CVE-2026-25597.yml	38.1.0
2026-04-03T01:09:06.067874+00:00	GitLab Importer	Fixing	VCID-1trs-ajxn-jkhk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/prestashop/prestashop/CVE-2025-51586.yml	38.1.0
2026-04-02T12:42:07.510546+00:00	GitLab Importer	Fixing	VCID-1trs-ajxn-jkhk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/prestashop/prestashop/CVE-2025-51586.yml	38.0.0
2026-04-01T12:55:12.900935+00:00	GithubOSV Importer	Fixing	VCID-1trs-ajxn-jkhk	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-8xx5-h6m3-jr33/GHSA-8xx5-h6m3-jr33.json	38.0.0