Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-8xx5-h6m3-jr33

GitHub Security Advisory

Presta Shop vulnerable to email enumeration

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

### Impact
An unauthenticated attacker with access to the back-office URL can manipulate the id_employee and reset_token parameters to enumerate valid back-office employee email addresses.

Impacted parties:
Store administrators and employees: their email addresses are exposed.
Merchants: risk of phishing, social engineering, and brute-force attacks targeting admin accounts.

### Patches
PrestaShop 8.2.3

### Workarounds
You must upgrade, or at least apply the changes from the PrestaShop 8.2.3 patch. More information: https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release/

Affected Packages

Packagist prestashop/prestashop
Affected versions: 0 (fixed in 8.2.3)

Related CVEs

CVE-2025-51586

Key Information

GHSA ID
GHSA-8xx5-h6m3-jr33
Published
September 4, 2025 8:01 PM
Last Modified
September 4, 2025 8:01 PM
CVSS Score
5.0 /10
Primary Ecosystem
Packagist
Primary Package
prestashop/prestashop
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 10, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.