資安威脅情報中心

基本資訊

GHSA ID: GHSA-67v7-3g49-mxh2
CVE ID: CVE-2026-25597
嚴重性: MEDIUM
發布時間: 2026-02-03T21:13:02Z
來源: GitHub Advisory

漏洞描述

Impact

A time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times.

Patches

8.2.4 and 9.0.3

Workarounds

none

References

Found by Lam Yiu Tung

影響範圍

composer:prestashop/prestashop (>= 9.0.0-alpha.1, < 9.0.3) → 9.0.3
composer:prestashop/prestashop (< 8.2.4) → 8.2.4

CVSS 評分

CVSS v3: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CWE 分類

CWE-208: Observable Timing Discrepancy

EPSS 評分

EPSS: N/A

萃取備註

資料來源: GitHub Security Advisories Database
信心水準: 高(官方漏洞資料庫)
處理時間: 2026-02-08T07:47:56.798791

PrestaShop affected by time based enumeration in FO login form