{"uuid": "498ced45-0189-4d9e-a578-77432f404d9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-w9f3-qc75-qgx9", "type": "seen", "source": "https://gist.github.com/pseudo7777/6fb3ec2f8f5b760f09161e11ad328b2f", "content": " 8.2.6 security patcher\n * Cherry-picks security fixes from 8.2.3, 8.2.4, 8.2.5, 8.2.6.\n *\n * Fixes:\n *  - 8.2.3: GHSA-8xx5-h6m3-jr33  BO login email enumeration\n *  - 8.2.4: GHSA-67v7-3g49-mxh2  FO login time-based user enumeration\n *  - 8.2.5: GHSA-35pf-37c6-jxjv  Stored XSS in BO templates\n *           GHSA-283w-xf3q-788v  Validation framework misuse\n *  - 8.2.6: GHSA-w9f3-qc75-qgx9  CRITICAL stored XSS in BO Customer Service (9.3/10)\n *\n * Usage:\n *   GET /security_patch.php?token=PATCH_TOKEN_xyz789\n * After completion: DELETE THIS FILE.\n */\n\n$EXPECTED_TOKEN = 'PATCH_TOKEN_xyz789';\nif (!isset($_GET['token']) || $_GET['token'] !== $EXPECTED_TOKEN) {\n    http_response_code(403);\n    exit('Forbidden');\n}\n\nset_time_limit(300);\nignore_user_abort(true);\nheader('Content-Type: text/plain; charset=utf-8');\n\necho \"PrestaShop 8.2.x security patcher\\n\";\necho \"==================================\\n\\n\";\n\n$BASE = __DIR__;\necho \"Base dir: $BASE\\n\\n\";\n\n$REF = '8.2.7';\n$BASE_URL = \"https://raw.githubusercontent.com/PrestaShop/PrestaShop/$REF/\";\n\n$FILES = array(\n    'controllers/admin/AdminLoginController.php',\n    'classes/controller/FrontController.php',\n    'classes/Customer.php',\n    'admin-dev/themes/default/template/controllers/access/helpers/form/form.tpl',\n    'admin-dev/themes/default/template/controllers/cart_rules/actions.tpl',\n    'admin-dev/themes/default/template/controllers/cart_rules/conditions.tpl',\n    'admin-dev/themes/default/template/controllers/countries/helpers/list/list_footer.tpl',\n    'admin-dev/themes/default/template/controllers/customer_threads/helpers/view/modal.tpl',\n    'admin-dev/themes/default/template/controllers/customer_threads/helpers/view/timeline_item.tpl',\n    'admin-dev/themes/default/template/controllers/customer_threads/message.tpl',\n    'admin-dev/themes/default/template/controllers/groups/helpers/view/view.tpl',\n    'admin-dev/themes/default/template/controllers/images/content.tpl',\n    'admin-dev/themes/default/template/controllers/import/helpers/view/view.tpl',\n    'admin-dev/themes/default/template/controllers/login/content.tpl',\n    'admin-dev/themes/default/template/controllers/login/header.tpl',\n    'admin-dev/themes/default/template/controllers/modules_positions/form.tpl',\n    'admin-dev/themes/default/template/controllers/shop/helpers/form/form.tpl',\n    'admin-dev/themes/default/template/controllers/shop/helpers/tree/shop_tree_node_item.tpl',\n    'admin-dev/themes/default/template/controllers/customer_threads/helpers/view/view.tpl',\n    'classes/Validate.php',\n);\n\n$ok = 0;\n$fail = 0;\n$skip_missing = 0;\n$backup_dir = $BASE . '/_security_patch_backup_' . date('Ymd_His');\nif (!is_dir($backup_dir)) { mkdir($backup_dir, 0700, true); }\necho \"Backup dir: $backup_dir\\n\\n\";\n\nforeach ($FILES as $rel) {\n    $local = $BASE . '/' . $rel;\n    $remote = $BASE_URL . $rel;\n    echo str_pad($rel, 95) . \" ... \";\n\n    if (file_exists($local)) {\n        $backup_path = $backup_dir . '/' . $rel;\n        if (!is_dir(dirname($backup_path))) { mkdir(dirname($backup_path), 0700, true); }\n        copy($local, $backup_path);\n    } else {\n        echo \"missing-locally \";\n        $skip_missing++;\n    }\n\n    $ctx = stream_context_create(array('http' => array('timeout' => 30, 'header' => \"User-Agent: caffettino-patcher\\r\\n\")));\n    $patched = @file_get_contents($remote, false, $ctx);\n\n    if ($patched === false || strlen($patched) === 0) {\n        echo \"DOWNLOAD FAILED\\n\";\n        $fail++;\n        continue;\n    }\n\n    if (!is_dir(dirname($local))) { mkdir(dirname($local), 0755, true); }\n    $bytes = file_put_contents($local, $patched);\n    if ($bytes === false) {\n        echo \"WRITE FAILED\\n\";\n        $fail++;\n        continue;\n    }\n    echo \"OK (\" . strlen($patched) . \" bytes)\\n\";\n    $ok++;\n}\n\necho \"\\n==================================\\n\";\necho \"Patched: $ok\\n\";\necho \"Failed: $fail\\n\";\necho \"Originally missing: $skip_missing\\n\";\necho \"Backup dir: $backup_dir\\n\";\necho \"\\nNext steps:\\n\";\necho \"  1. BO > Parametres avances > Performances > Vider le cache.\\n\";\necho \"  2. Supprimer ce fichier: \" . __FILE__ . \"\\n\";\necho \"  3. Tester BO + front.\\n\";\necho \"  4. Rollback: copier les fichiers depuis $backup_dir.\\n\";\necho \"\\nDone.\\n\";\n", "creation_timestamp": "2026-06-09T19:20:17.000000Z"}