Major Security Vulnerability In Prestashop Platform

By   ISBuzz Team
Writer , Information Security Buzz | Jul 27, 2022 03:30 am PST

PrestaShop, an open-source e-commerce platform hosting over 300,000 shops, announced attackers have exploited a major vulnerability to inject malicious code into servers running PrestaShop websites. The attackers are injecting a fake payment form on the front-office check-out page to steal shoppers’ credit card information. PrestaShop stated that they believe the attackers are targeting shops using outdated software or modules, vulnerable third-party modules, or a yet-to-be-discovered vulnerability.

PrestaShop’s official announcement of the discovered vulnerability can be found here.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Keith Neilson
Keith Neilson , Technical Evangelist
July 27, 2022 11:32 am

“Attackers continue to target and successfully infiltrate sites with outdated software or modules, vulnerable third-party modules, or yet-to-be-discovered vulnerabilities. This illustrates the critical need for an agile cyber asset management strategy, as companies have no way of mitigating security risks for assets they cannot see. Cyber asset management addresses this lack of visibility head-on, beginning with a holistic inventory of all cyber assets residing in a company’s IT estate. Once real-time observability into the entire attack surface is secured, companies can establish advanced governance policies to remediate abnormalities, vulnerabilities, and tackle the issue of outdated versions of their software head-on before they are exploited.”

Last edited 1 year ago by Keith Neilson

Recent Posts

Would love your thoughts, please comment.x