Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

GHSA-m5f5-28qr-9g9r: prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE

0
Critical
Published: 07/10/2026 (07/10/2026, 20:36:56 UTC)
Source: GCVE Database
Product: prestashop/ps_facetedsearch

Description

A critical PHP Object Injection vulnerability exists in the PrestaShop module ps_facetedsearch versions 3.0.0 through 4.0.3. The vulnerability arises because slider filter values (price or weight) from the URL are insufficiently validated and stored serialized in a cache, which is later unserialized using native PHP unserialize(). An attacker can craft a malicious serialized object to achieve remote code execution without authentication by writing a webshell to the server. This allows full compromise of the affected shop and its hosting server.

CVSS v3.1

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected software

Packagistghsa
prestashop/ps_facetedsearch
Affected versions
>=3.0.0 <4.0.4

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/11/2026, 09:49:03 UTC

Technical Analysis

The ps_facetedsearch module in PrestaShop versions >=3.0.0 <4.0.4 suffers from a PHP Object Injection vulnerability due to unsafe unserialize() usage on user-controlled slider filter values stored in a cache. By sending a specially crafted request with malicious serialized PHP objects in the price or weight slider filter parameters, an unauthenticated attacker can trigger deserialization that writes an arbitrary PHP file (webshell) to the module directory. This leads to remote code execution and full system compromise. The vulnerability affects all shops using the vulnerable module versions with slider filters enabled in the front office.

Potential Impact

Successful exploitation results in unauthenticated remote code execution on the server hosting the PrestaShop instance. This allows an attacker to fully compromise the affected shop and its underlying server, including arbitrary command execution and potential data theft or service disruption.

Mitigation Recommendations

A patch is available by upgrading the ps_facetedsearch module to version 4.0.4 or later, which replaces the unsafe native unserialize() call with a safer alternative. Until the module is upgraded, remove price and weight slider filters from front-office filter templates, clear the faceted-search filter cache, and audit the module directory for unexpected PHP files. Additionally, monitor and block search requests containing PHP serialization patterns at the WAF level. Applying the official module upgrade is the recommended and most effective remediation.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Osv Id
GHSA-m5f5-28qr-9g9r
Osv Schema Version
1.4.0
Aliases
["CVE-2026-54159"]
Ecosystems
["Packagist"]
Database Specific Severity
CRITICAL
Cvss Version
3.1

Threat ID: 6a520eb368715ace438f514a

Added to database: 07/11/2026, 09:36:51 UTC

Last enriched: 07/11/2026, 09:49:03 UTC

Last updated: 07/11/2026, 09:49:03 UTC

Views: 2

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses