Attackers discover a zero day in PrestaShop that allows stealing the payment data of users of online stores. Vulnerability, now known by its CVE identifier 'CVE-2022-36408', enabled arbitrary code execution on servers hosting Prestashop websites that featured outdated versions of the software.  

The modus operandi so far has been similar.: The attackers exploited the flaw and, once obtained the ability to execute arbitrary code, injected non-legitimate payment forms to collect users' payment information.

From PrestaShop they claim to have located the vulnerability and that from the version 1.7.8.7 supposedly it had been fixed. However, they also stated that in the new versions of the software there are legacy features that are maintained for reasons of compatibility with previous versions and that could allow the existence of other ways to carry out the attack


Leave a Reply

Your email address will not be published. Required fields are marked *

More news
A
Read more »
A researcher manages to hack some concert tickets using AI
Read more »
Una nueva campaña de phishing suplanta a ChatGPT
Read more »
Nintendo suffers a data breach through a supplier
Read more »
Trying to make fun of a scammer is not a very good idea
Read more »