PrestaShop CVE-2026-33674 vulnerability
Core
Score
5.3 MediumDate publish
26-03-2026Versiones afectadas
- Less than 8.2.5
- Versions from 9.0.0 up to but not including 9.1.0
Description
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.References
Metrics
| cvssMetricV31 | |||||
|---|---|---|---|---|---|
| source | security-advisories@github.com | nvd@nist.gov | |||
| type | Secondary | Primary | |||
| version | 3.1 | 3.1 | |||
| vectorString | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | |||
| baseScore | 2 | 5.3 | |||
| baseSeverity | LOW | MEDIUM | |||
| attackVector | NETWORK | NETWORK | |||
| attackComplexity | HIGH | LOW | |||
| privilegesRequired | HIGH | NONE | |||
| userInteraction | REQUIRED | NONE | |||
| scope | UNCHANGED | UNCHANGED | |||
| confidentialityImpact | NONE | NONE | |||
| integrityImpact | LOW | LOW | |||
| availabilityImpact | NONE | NONE | |||
| exploitabilityScore | 0.5 | 3.9 | |||
| impactScore | 1.4 | 1.4 | |||