Esokia Labs

Prestashop


CVE-2026-39079 - PrestaShop upsshipping Module Sensitive Data Exposure via Publicly Accessible Logs

 Posted on May 18, 2026  |  Esokia (Maxime Morel-Bailly)

An information disclosure vulnerability in the UPS Shipping Module (upsshipping) for PrestaShop, developed by the now-defunct Agence Web 360, allows unauthenticated retrieval of XML log files exposing UPS API credentials, shipper account numbers and customer PII.
cve  prestashop  information-disclosure  access-control 

CVE-2025-69633 – PrestaShop advancedpopupcreator Module SQL Injection

 Posted on December 18, 2025  |  Esokia (Maxime Morel-Bailly)

A critical SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop, by Idnovate, allows a remote unauthenticated attacker to execute arbitrary SQL queries via the fromController parameter of the module’s popup controller. Fixed in 1.2.7.
cve  prestashop  sqli 
