The e-commerce platform PrestaShop has confirmed being hacked

The PrestaShop e-commerce platform has been used widely by hackers through an unknown vulnerability in order to execute codes to steal customers’ payment information. The PrestaShop’s security team confirmed the hacking incident and urged its 300,000 shop admins to review their software security status following the attack.

The security researchers said that the attack impacted PrestaShop versions or later versions and run a module named Wishlist 2.0.0 to 2.1.0 that is vulnerable to SQL injection. The vulnerability which helped exploiters to gain access was tracked as CVE-2022-36408.

The attackers targeted the Wishlist module by performing an SQL injection exploit in order to gain unauthorized access to the website’s database to steal users’ payment details. The PrestaShop said, “We believe attackers are targeting shops using outdated software or modules, vulnerable third-party modules, or a yet-to-be-discovered vulnerability.” The security researchers stated that the attacker sent a POST request to gain access to the web server’s data through a vulnerable endpoint. After that the attackers performed a GET request to the homepage, to grab data from the homepage data resource. It created a blm.php file at the root directory which allowed the threat actor to execute commands on the compromised server. The company reported that in many cases the threat actor used this web shell to create a fake checkout page for the customers in order to steal their payment card details. The threat actor successfully erased their trace from the server following the cyberattack on PrestaShop.

Reportedly PrestaShop has upgraded its web versions, performed a security fix by strengthening MySQL Smarty cache storage, and applied more security updates.

Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. We cannot guarantee the Product information shown is 100% accurate and we advise you to check the product listing on the original manufacturer website. Thetechoutlook is not responsible for price changes carried out by retailers. The discounted price or deal mentioned in this item was available at the time of writing and may be subject to time restrictions and/or limited unit availability. Amazon and the Amazon logo are trademarks of, Inc. or its affiliates Read More

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

function init() { var vidDefer = document.getElementsByTagName('iframe'); for (var i=0; i