← العودة للجدول
CVE-2026-54159
CVE-2026-54159 — prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows
📅 2026-07-10
🔴 Critical 🔥 No GHSA Exploit Web CVSS 10

📋 الوصف الكامل

### Impact A PHP Object Injection vulnerability affects the PrestaShop module `ps_facetedsearch`. The module rebuilds the selected search filters from the request URL. The value of a slider filter (**price** or **weight**) is taken from the URL without sufficient validation, then stored in an internal filter-block cache where it is serialized and later read back with a raw native `unserialize()`

💻 الأنظمة المتأثرة

PHP

⚠️ نوع التهديد

Exploit

🔗 CVE ID

CVE-2026-54159

📡 المصدر

GHSA

✅ الحلول والتخفيف

Update to v3.0.0

🔗 المصدر الأصلي ← 📘 NVD ← ⚡ CISA KEV ← 🔍 Valters IT ←