Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores

July 26, 2022

Malicious actors are exploiting a previously unknown security flaw in the open-source PrestaShop e-commerce platform to inject malicious skimmer code designed to steal sensitive information.

“Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites,” the company noted in an advisory published on July 22.

PrestaShop is marketed as the leading open-source e-commerce solution in Europe and Latin America, used by nearly 300,000 online merchants worldwide.


The goal of the infections is to introduce malicious code capable of stealing payment information entered by customers on checkout pages. Shops using outdated versions of the software or other vulnerable third-party modules appear to be the prime targets.

The PrestaShop maintainers also said they found a zero-day flaw in the service that they said has been addressed in version, although they cautioned that “we cannot be sure that it’s the only way for them to perform the attack.”

“This security fix strengthens the MySQL Smarty cache storage against code injection attacks,” PrestaShop noted. “This legacy feature is maintained for backward compatibility reasons and will be removed from future PrestaShop versions.”

The issue in question is an SQL injection vulnerability affecting versions or later, and is being tracked as CVE-2022-36408.


Successful exploitation of the flaw could enable an attacker to submit a specially crafted request that grants the ability to execute arbitrary instructions, in this case, to inject a fake payment form on the checkout page to gather credit card information.

The development follows a wave of Magecart attacks targeting the restaurant ordering systems MenuDrive, Harbortouch, and InTouchPOS, leading to the compromise of at least 311 restaurants.
