Security News > 2022 > July > Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores
Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information.
"Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22.
PrestaShop is marketed as the leading open-source e-commerce solution in Europe and Latin America, used by nearly 300,000 online merchants worldwide.
The PrestaShop maintainers also said it found a zero-day flaw in its service that it said has been addressed in version 1.7.8.7, although they cautioned that "We cannot be sure that it's the only way for them to perform the attack."
"This security fix strengthens the MySQL Smarty cache storage against code injection attacks," PrestaShop noted.
"This legacy feature is maintained for backward compatibility reasons and will be removed from future PrestaShop versions."
News URL
https://thehackernews.com/2022/07/hackers-exploit-prestashop-zero-day-to.html
Related news
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
- Mitel MiCollab zero-day flaw gets proof-of-concept exploit (source)
- Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor (source)
- Mitel MiCollab zero-day and PoC exploit unveiled (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- Hackers exploit DoS flaw to disable Palo Alto Networks firewalls (source)