Threat actors target the e-commerce platform by exploiting a zero-day vulnerability that allows them to execute arbitrary instructions.
PrestaShop, an open-source e-commerce platform hosting over 300,000 shops, ran into a ‘major security vulnerability.’ Attackers discovered a way to use a security vulnerability to carry out arbitrary code execution on servers running PrestaShop websites.
“Malicious actors are exploiting a combination of known and unknown security vulnerabilities to inject malicious code in PrestaShop websites, allowing them to execute arbitrary instructions and potentially steal customer’s payment information,” said an advisory published by the platform.
The vulnerability, CVE-2022-36408, is a part of a ‘previously unknown vulnerability chain’ that attackers use. The platform claims that shops based on versions 126.96.36.199 or greater are subject to SQL injection vulnerabilities.
“We believe attackers are targeting shops using outdated software or modules, vulnerable third-party modules, or a yet-to-be-discovered vulnerability,” PrestaShop’s advisory said.
Once the attackers gain control of the shop, they inject a fake payment form on the front-office check-out page. Shoppers might use the phony form and enter their credit card information, sending it straight to the threat actors.
According to the advisory, there might be different ways to exploit the vulnerability. However, the platform’s curators have not discovered other ways the attackers could try to infect PrestaShop’s systems.
Users are advised to update their modules to the latest version. Since attackers might be using the MySQL Smarty cache storage feature, users are also advised to disable it manually in PrestaShop’s code.
“Be aware that not finding this pattern on your logs doesn’t necessarily mean that your shop has not been affected by the attack: the complexity of the exploit means that there are several ways of performing it, and attackers might also try and hide their tracks,” the advisory said.