CVE 9.8 CRITICAL

CVE-2025-69633_CVE-2025-69633

February 17, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is passed unsanitized to SQL queries in classes/AdvancedPopup.php (getPopups() and updateVisits() functions).

AI Analysis

SQL Injection vulnerability in Advanced Popup Creator module for PrestaShop

Basic Information

ID CVE-2025-69633

Source mitre

Published Feb 13, 2026 at 00:00

Modified Feb 17, 2026 at 15:09

Affected Product

Vendor PrestaShop

Product Advanced Popup Creator

Version 1.1.26-1.2.6

Affected Versions n/a n/a n/a

CWE Classification

CWE-89

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor PrestaShop

Product Advanced Popup Creator

Version 1.1.26, 1.1.27, 1.1.28, 1.1.29, 1.1.30, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6

References

{
    "lastseen": "",
    "description": "A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is passed unsanitized to SQL queries in classes/AdvancedPopup.php (getPopups() and updateVisits() functions).",
    "published": "2026-02-13T00:00:00.000Z",
    "modified": "2026-02-17T15:09:45.962Z",
    "type": "cve",
    "title": "CVE-2025-69633",
    "source": "mitre",
    "references": "https://addons.prestashop.com/en/pop-up-gamification/23773-popup-on-entry-exit-popup-and-newsletter.html\nhttps://labs.esokia.com/cve/cve-2025-69633/",
    "id": "CVE-2025-69633",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Advanced Popup Creator",
    "version": "1.1.26-1.2.6",
    "vendor": "PrestaShop",
    "ai_description": "SQL Injection vulnerability in Advanced Popup Creator module for PrestaShop",
    "ai_severity": "Critical",
    "ai_vendor": "PrestaShop",
    "ai_product": "Advanced Popup Creator",
    "ai_version": "1.1.26, 1.1.27, 1.1.28, 1.1.29, 1.1.30, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply