Advisories for Composer/Prestashop/Ps_checkout package

2025

PrestaShop Checkout Target PayPal merchant account hijacking from backoffice

Wrong usage of the PHP array_search() allows bypass of validation.

PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure

Missing validation on input vulnerable to directory traversal.

PrestaShop Checkout allows customer account takeover via email

Missing validation on Express Checkout feature allows silent log-in