CVE-2026-14846 in PrestaShopinformación

Resumen

por MITRE • 2026-07-13

In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the information is exported using the ‘Get my data in CSV’ tool. Successful exploitation of this vulnerability could facilitate unauthorised access to the victim’s personal data.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsable

INCIBE

Reservar

2026-07-06

Divulgación

2026-07-13

Moderación

aceptado

Artículo

VDB-377936

CPE

listo

EPSS

0.00000

KEV

no

Actividades

bajo

Fuentes

Interested in the pricing of exploits?

See the underground prices here!