Online shops leveraging the PrestaShop platform are under attack from threat actors exploiting an SQL injection flaw, tracked as CVE-2022-36408, impacting PrestaShop versions 22.214.171.124 or later and versions 126.96.36.199 or later with the vulnerable Wishlist 2.0.0 to 2.1.0 module, BleepingComputer
Attackers begin the intrusion with a POST request to vulnerable endpoints, then send a parameter-less GET request that results in the creation of a "blm.php" file at the root directory. That file is then leveraged to inject fake payment forms into targeted shops' checkout pages in an effort to exfiltrate payment card data, according to PrestaShop. While attackers have worked to conceal malicious activity, site administrators can identify compromise from their web servers' access logs, as well as from file changes and the activation of MySQL Smarty cache storage.
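An added example, not code from PrestaShop or the original report: a Python check that scans web-server access logs for the sequence described above (a POST followed by a parameter-less GET from the same client) and for any request to "blm.php". The combined log format, the 60-second window, the assumption that the bare GET targets the shop root, and the sample lines are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Combined Log Format prefix: ip - - [time] "METHOD target PROTO" status
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3}')
DROPPED_FILE = "/blm.php"       # file name reported on the page
HOME = "/"                      # assumption: the bare GET targets the shop root
WINDOW = timedelta(seconds=60)  # assumption: max gap between POST and GET

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path, _, query = m["target"].partition("?")
    return m["ip"], ts, m["method"], path, query

def find_indicators(lines):
    """Return (kind, ip, path) findings in log order."""
    last_post = {}  # ip -> (timestamp, path) of that client's latest POST
    findings = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, query = rec
        if path.lower().endswith(DROPPED_FILE):
            findings.append(("blm.php-request", ip, path))
        elif method == "POST":
            last_post[ip] = (ts, path)
        elif method == "GET" and path == HOME and not query and ip in last_post:
            post_ts, post_path = last_post.pop(ip)
            if ts - post_ts <= WINDOW:
                findings.append(("post-then-bare-get", ip, post_path))
    return findings

# Constructed sample lines (documentation IPs, placeholder endpoint path).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Jul/2022:10:00:01 +0000] "GET /index.php?id_product=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Jul/2022:10:00:05 +0000] "POST /placeholder-endpoint HTTP/1.1" 200 312',
    '203.0.113.9 - - [25/Jul/2022:10:00:06 +0000] "GET / HTTP/1.1" 200 8042',
    '203.0.113.9 - - [25/Jul/2022:10:00:09 +0000] "POST /blm.php HTTP/1.1" 200 17',
    '198.51.100.7 - - [25/Jul/2022:10:05:00 +0000] "POST /cart HTTP/1.1" 302 0',
    '198.51.100.7 - - [25/Jul/2022:10:05:01 +0000] "GET /cart?action=show HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_LOG):
        print(finding)
```

A POST followed by a bare GET also occurs in ordinary shop traffic, so treat that finding as a lead for review and correlate it with a "blm.php" request or an unexpected file at the shop root.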
PrestaShop has called on admins of 300,000 shops using the software to promptly apply version 188.8.131.52 of the software to address the vulnerability.