CVE-2025-69633 – PrestaShop Advanced Popup Creator SQL Injection

CVE ID : CVE-2025-69633

Published : Feb. 13, 2026, 10:16 p.m. | 2 hours, 13 minutes ago

Description : A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is passed unsanitized to SQL queries in classes/AdvancedPopup.php (getPopups() and updateVisits() functions).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…