Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores
Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information.
“Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites,” the company noted in an advisory published on July 22.
PrestaShop is marketed as the leading open-source e-commerce solution in Europe and Latin America, used by nearly 300,000 online merchants worldwide.
The goal of the infections is to introduce malicious code capable of stealing payment information entered by customers on checkout pages. Shops using outdated versions of the software or other vulnerable third-party modules appear to be the prime targets.
The PrestaShop maintainers also said they found a zero-day flaw in the service, which they said has been addressed in version 1.7.8.7, although they cautioned that “we cannot be sure that it’s the only way for them to perform the attack.”
“This security fix strengthens the MySQL Smarty cache storage against code injection attacks,” PrestaShop noted. “This legacy feature is maintained for backward compatibility reasons and will be removed from future PrestaShop versions.”
The issue in question is an SQL injection vulnerability affecting versions 1.6.0.10 or greater, and is being tracked as CVE-2022-36408.
Successful exploitation of the flaw could enable an attacker to submit a specially crafted request that grants the ability to execute arbitrary instructions; in this case, to inject a fake payment form on the checkout page to gather credit card information.
The development follows a wave of Magecart attacks targeting restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS, leading to the compromise of at least 311 restaurants.
Related news
We take a look at a security advisory from PrestaShop which warns of compromised stores and redirected payment data. The post PrestaShop warns of vulnerability: Update your stores now! appeared first on Malwarebytes Labs.
## Duplicate Advisory This advisory is a duplicate of GHSA-hrgx-p36p-89q4. This link is maintained to preserve external references. ## Original Description PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.