5.3
CVE-2026-25597
- EPSS 0.06%
- Veröffentlicht 06.02.2026 20:47:24
- Zuletzt bearbeitet 19.02.2026 17:27:30
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
PrestaShop has a time based enumeration in FO login form
PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. This vulnerability is fixed in 8.2.4 and 9.0.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Prestashop ≫ Prestashop Version < 8.2.4
Prestashop ≫ Prestashop Version >= 9.0.0 < 9.0.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.186 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-208 Observable Timing Discrepancy
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.