Major Security Vulnerability In PrestaShop Platform

PrestaShop, an open-source e-commerce platform hosting over 300,000 shops, announced that attackers have exploited a major vulnerability to inject malicious code into servers running PrestaShop websites. The attackers are injecting a fake payment form on the front-office checkout page to steal shoppers’ credit card information. PrestaShop stated that it believes the attackers are targeting shops using outdated software or modules, vulnerable third-party modules, or a yet-to-be-discovered vulnerability.

PrestaShop’s official announcement of the discovered vulnerability can be found here.

1 Expert Comment
Keith Neilson, Technical Evangelist
InfoSec Expert
July 27, 2022 11:32 am

“Attackers continue to target and successfully infiltrate sites with outdated software or modules, vulnerable third-party modules, or yet-to-be-discovered vulnerabilities. This illustrates the critical need for an agile cyber asset management strategy, as companies have no way of mitigating security risks for assets they cannot see. Cyber asset management addresses this lack of visibility head-on, beginning with a holistic inventory of all cyber assets residing in a company’s IT estate. Once real-time observability into the entire attack surface is secured, companies can establish advanced governance policies to remediate abnormalities, vulnerabilities, and tackle the issue of outdated versions of their software head-on before they are exploited.”

Information Security Buzz