PrestaShop announced Friday that hackers are using “known and undiscovered vulnerabilities” in its older software versions to attack websites and steal customer payment information.
PrestaShop declared that the vulnerability was not present in the most recent version of PrestaShop. We believe that attackers target shops with outdated software, modules, vulnerable third party modules or another yet-to be discovered vulnerability.
PrestaShop stated that it was fixing an unknown vulnerability discovered during its investigation into the breach. The company said that hackers could not exploit the software in this way, but it's uncertain.
PrestaShop, an open-source and free e-commerce platform that lets users set up and manage their online shops, is completely free. You can also use it to provide secure payment options and services like performance analysis, web marketing and website marketing. PrestaShop claims that its software is used by nearly 300,000. It also has strong representation in Europe and South America.
The PrestaShop Breach: What Do We Know?
PrestaShop stated that sites running outdated versions of its software could be infected with malicious code. The company stated that these sites have SQL injection vulnerabilities which allow attackers to modify or steal data.
Most websites use SQL to manage their databases. To breach websites, attackers send malicious SQL query via vulnerable endpoints. This vulnerability can be used by an attacker to obtain administrator privileges, which allows them to view, send or destroy stored information.
Even the most large organizations can be affected by SQL injection flaws. Zoho Corp disclosed last year that the ManageEngine OpManager tool was vulnerable to SQL injection.
According to PrestaShop, the issue appears to be related only to shops that are running …” PrestaShop versions 22.214.171.124 and higher. If they run a module, custom code or contain a SQL injection vulnerability, versions 126.96.36.199+ aren't vulnerable. Versions 2.0.02.1.0 are susceptible to the Wishlist module (blockwishlist).
To Steal data, attackers added fake payment forms at checkout
PrestaShop based their information on “shop owners” and “developers,” said that hackers often insert malicious code to create new files on websites' databases. This gives them the capability to run arbitrary commands.
They would use this privilege to add a fraudulent payment form to the checkout page of their website. The attackers will receive any payment information (such as credit card numbers) that the customers provide in this form.
PrestaShop stated that this is the most common type of attack. However, hackers could be exploiting users in other ways. The hackers may also exploit the beach by “placing another file name, altering other parts of software, placing malicious code elsewhere or even erasing the attacker's tracks after the attack is successful.”
PrestaShop Recommendations for Users
PrestaShop suggests that customers ensure their modules and shops are up-to-date with the most recent version of PrestaShop's software.
Clients were also advised by the company to disable MySQL Smarty's cache storage function in PrestaShop. PrestaShop states that this feature, which is “rarely used”, has been disabled by default. However, hackers have the ability to enable it remotely. It would be “breaking the attack chain” if it was disabled.
PrestaShop stated that it was working to patch the vulnerability in this feature.
For more information, see PrestaShop's Statement. This includes details such as how to locate the MySQL Smarty cache. PrestaShop suggests that customers contact a professional to perform a complete audit of their site.