Attackers have discovered a zero-day in PrestaShop that allows them to steal the payment data of online-store customers. The vulnerability, now tracked as CVE-2022-36408, enabled arbitrary code execution on servers hosting PrestaShop sites that were running outdated versions of the software.
The modus operandi has so far been consistent: the attackers exploited the flaw and, once able to execute arbitrary code on the server, injected fake payment forms into the store to harvest customers' payment card details.
PrestaShop says it has identified the vulnerability and that, according to the project, it has been fixed as of version 1.7.8.7. However, the project also stated that the newer releases retain legacy features, kept for compatibility with earlier versions, which could still leave other ways to carry out the attack open.