Threat Management, Vulnerability Management

Online stores hit with PrestaShop zero-day attacks

Online shops leveraging the PrestaShop platform are under attack from threat actors exploiting an SQL injection flaw, tracked as CVE-2022-36408, impacting PrestaShop versions 1.6.0.10 or later and versions 1.7.8.2 or later with the vulnerable Wishlist 2.0.0 to 2.1.0 module, BleepingComputer reports. Attackers commence the intrusion with a POST request sent to vulnerable endpoints before sending a parameter-less GET request to facilitate the creation of the "blm.php" file at the root directory, which was then leveraged for fake payment form injections on targeted shops' checkout pages in an effort to exfiltrate payment card data, according to PrestaShop. While attackers have worked to conceal malicious activity, site administrators could determine compromise within the access logs of their web servers, as well as file changes and MySQL Smarty cache storage activation. PrestaShop has called on admins of 300,000 shops using the software to promptly apply version 1.7.8.7 of the software to address the vulnerability.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.