The PrestaShop e-commerce system contains a PHP Object Injection vulnerability that attackers with access to an administrative role such as Salesman, Logistician, or Admin can turn into remote code execution. The root cause is that user input is passed to PHP's `unserialize()` function, which is a known security risk. PrestaShop wraps the call in its own method, `unSerialize()`, which performs an additional security check intended to prevent malicious injections. That check can be bypassed: by adding specific characters to the length values of serialized object strings, attackers can inject nested objects and obfuscate their malicious intent. Exploitation can lead to arbitrary code execution on the server and a breach of sensitive payment information. The issue is particularly critical for PrestaShop Ready, where an attacker can set up a free trial account to exploit it, and for shops where a malicious user has access to the Salesman role. PrestaShop has released a patch to address this issue.
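A defensive alternative to inspecting the serialized string before decoding it, as an added example (not PrestaShop's code and not its patch): on PHP 7.0 or later, `unserialize()` with `allowed_classes => false` makes the parser itself refuse to instantiate objects, nested ones included. The helper names `safe_unserialize` and `contains_object` and the sample inputs are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: decode untrusted serialized data without ever
 * instantiating a class, so no magic method of an injected object can run.
 */
function safe_unserialize(string $data)
{
    // With allowed_classes => false, PHP turns every serialized object into
    // a __PHP_Incomplete_Class placeholder. The parser makes that decision,
    // not a check on the string, so how the length fields are written in
    // the input has no effect on the outcome.
    $value = @unserialize($data, ['allowed_classes' => false]);

    // unserialize() returns false on malformed input; 'b:0;' is the one
    // legitimate encoding of false.
    if ($value === false && $data !== serialize(false)) {
        throw new InvalidArgumentException('Malformed serialized data');
    }
    if (contains_object($value)) {
        throw new InvalidArgumentException('Serialized objects are not accepted');
    }
    return $value;
}

/** Recursively report whether a decoded value holds any object placeholder. */
function contains_object($value): bool
{
    // instanceof covers PHP versions where is_object() is false for placeholders.
    if ($value instanceof __PHP_Incomplete_Class || is_object($value)) {
        return true;
    }
    foreach (is_array($value) ? $value : [] as $item) {
        if (contains_object($item)) {
            return true;
        }
    }
    return false;
}

// Constructed sample inputs: scalar/array data, and an object nested in an array.
$samples = [
    'plain array'   => serialize(['id_product' => 7, 'qty' => 2]),
    'nested object' => serialize(['cfg' => new stdClass()]),
];
foreach ($samples as $label => $payload) {
    try {
        safe_unserialize($payload);
        echo "$label: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Where the stored data is only arrays and scalars, encoding it with `json_encode()` / `json_decode()` instead removes the object-instantiation path altogether.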