PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| prestashop/ps_checkout(Packagist) | 0 | 4.4.1 | N/A |
| prestashop/ps_checkout(Packagist) | 5.0.0 | 5.0.5 | N/A |
CVSS Metrics
