Esokia Labs
  • CVE
  • Research

Sqli

CVE-2025-69633 – PrestaShop advancedpopupcreator Module SQL Injection

 Posted on December 18, 2025  |  Esokia (Maxime Morel-Bailly)

A critical SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop, by Idnovate, allows a remote unauthenticated attacker to execute arbitrary SQL queries via the fromController parameter of the module’s popup controller. Fixed in 1.2.7. [Read More]
cve  prestashop  sqli 

     • © 2026  •  Esokia

    Hugo v0.155.3 powered  •  Theme Beautiful Hugo adapted from Beautiful Jekyll