CVE-2025-69633 – PrestaShop advancedpopupcreator Module SQL Injection

 Posted on December 18, 2025  |  Esokia (Maxime Morel-Bailly)

CVE-2025-69633

Summary

A critical SQL Injection vulnerability has been identified in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop.

The vulnerability allows a remote unauthenticated attacker to execute arbitrary SQL queries via the fromController parameter of the module’s popup controller endpoint.

The issue affects versions:

< 1.2.7

The vendor confirmed that the vulnerability is present at least since version 1.1.26. The exact introduction version has not been determined.

The vulnerability is fixed in:

[Read More]
cve  prestashop  sqli