THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-m5f5-28qr-9g9r (critical) — prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE

[GHSA] GHSA-m5f5-28qr-9g9r (critical) — prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE

medgithub_advisoriesPublished 2026-07-10

GHSA-m5f5-28qr-9g9r Severity: critical CVE: CVE-2026-54159

prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE

### Impact

A PHP Object Injection vulnerability affects the PrestaShop module `ps_facetedsearch`.

The module rebuilds the selected search filters from the request URL. The value of a slider filter (**price** or **weight**) is taken from

Indicators of compromise

Original source: https://github.com/advisories/GHSA-m5f5-28qr-9g9r