PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wrong usage of the PHP array_search(). The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Prestashop_checkout | Prestashop | * | 7.4.4.1 (excluding) |
| Prestashop_checkout | Prestashop | 7.5.0.1 (including) | 7.5.0.5 (excluding) |
| Prestashop_checkout | Prestashop | 8.3.1.0 (including) | 8.4.4.1 (excluding) |
| Prestashop_checkout | Prestashop | 8.5.0.0 (including) | 8.5.0.5 (excluding) |
| Prestashop_checkout | Prestashop | 9.4.3.1 (including) | 9.5.0.5 (excluding) |