{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T14:57:51.942","vulnerabilities":[{"cve":{"id":"CVE-2025-69633","sourceIdentifier":"cve@mitre.org","published":"2026-02-13T22:16:09.650","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is passed unsanitized to SQL queries in classes/AdvancedPopup.php (getPopups() and updateVisits() functions)."},{"lang":"es","value":"Una vulnerabilidad de inyección SQL en el módulo Advanced Popup Creator (advancedpopupcreator) para PrestaShop 1.1.26 hasta 1.2.6 (Corregido en la versión 1.2.7) permite a atacantes remotos no autenticados ejecutar consultas SQL arbitrarias a través del parámetro fromController en el controlador de popup. El parámetro se pasa sin sanear a las consultas SQL en classes/AdvancedPopup.php (funciones getPopups() y updateVisits())."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://addons.prestashop.com/en/pop-up-gamification/23773-popup-on-entry-exit-popup-and-newsletter.html","source":"cve@mitre.org"},{"url":"https://labs.esokia.com/cve/cve-2025-69633/","source":"cve@mitre.org"}]}}]}