PrestaShop, an open-source e-commerce platform hosting over 300,000 shops, announced attackers have exploited a major vulnerability to inject malicious code into servers running PrestaShop websites. The attackers are injecting a fake payment form on the front-office check-out page to steal shoppers’ credit card information. PrestaShop stated that they believe the attackers are targeting shops using outdated software or modules, vulnerable third-party modules, or a yet-to-be-discovered vulnerability.
PrestaShop’s official announcement of the discovered vulnerability can be found here.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.