GHSA-MQQ7-WXX5-MP8H: GHSA-MQQ7-WXX5-MP8H: Unauthorized Method Invocation in PrestaShop Checkout

1 / 2

GHSA-MQQ7-WXX5-MP8H: GHSA-MQQ7-WXX5-MP8H: Unauthorized Method Invocation in PrestaShop Checkout

DEV Community·CVE Reports·about 1 month ago

#Gri3jBPp

#prestashopcheckoutreleasev530 #security #cve #cybersecurity #prestashop #checkout

Reading 0:00

15s threshold

GHSA-MQQ7-WXX5-MP8H: Unauthorized Method Invocation in PrestaShop Checkout Vulnerability ID: GHSA-MQQ7-WXX5-MP8H CVSS Score: 3.3 Published: 2026-04-30 The PrestaShop Checkout (ps_checkout) module prior to version 5.3.0 suffers from an improper input validation vulnerability (CWE-20). This defect allows an attacker to dynamically invoke unauthorized public methods within the application scope by manipulating HTTP request parameters. While categorized as a low-severity flaw due to limited exploitation vectors, it highlights critical risks in dynamic method routing. TL;DR PrestaShop Checkout module < 5.3.0 fails to properly validate parameters used for method invocation, allowing attackers to call arbitrary public methods. The vendor rates the impact as low.…

Continue reading — create a free account

Join HashtagPLUS to read full articles, follow hashtags, vote, and join the conversation.

Create free account Log in

Menu

GHSA-MQQ7-WXX5-MP8H: GHSA-MQQ7-WXX5-MP8H: Unauthorized Method Invocation in PrestaShop Checkout