Threat actors are actively exploiting a critical vulnerability in PrestaShop e-commerce Solution. Here's what you need to know.
On July 22, 2022, open source e-commerce platform PrestaShop reported a critical vulnerability (CVE-2022-36408) impacting their e-commerce solution. This vulnerability allows attackers the ability to execute arbitrary code on servers running PrestaShop websites. This could lead to threat actors stealing customer payment information.
Quick facts: what you need to know now
- Threat actors are actively exploiting this vulnerability in the wild.
- The vulnerability affects PrestaShops running versions 188.8.131.52 or greater, which are subject to SQL injection vulnerabilities. Versions 184.108.40.206 and greater are not vulnerable unless they are running a module or custom code which itself includes a SQL injection vulnerability.
- Threat actors that gain access to the shop were observed injecting a fake payment form on the checkout page to steal credit card information.
- Attackers might be using other tactics such as using different file names, modifying other parts of the software, planting malicious code elsewhere, or even erasing their tracks once the attack has been successful.
Next Steps for PrestaShop users:
- Update to a non-vulnerable version of PrestaShop. Additional security fixes for injections attacks have been included in the 220.127.116.11 release.
If you have any questions, please reach out to the Risk + Response Team at firstname.lastname@example.org!