ps_checkout allows unauthorized method invocation through unvalidated parameter
Unvalidated parameter can lead to some unauthorized method invocation with very little possibilities.
Advisories for Composer/Prestashop/Ps_checkout package
2026
2025
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice
Wrong usage of the PHP array_search() allows bypass of validation.
PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure
Missing validation on input vulnerable to directory traversal.
PrestaShop Checkout allows customer account takeover via email
Missing validation on Express Checkout feature allows silent log-in