Copyright © 2022 Nethues Technologies (P) Ltd
PrestaShop 1.7.8.7 is out to Fix Major Security Vulnerability
Web: www.nethues.com Email: info@nethues.com



If you run an eCommerce store on PrestaShop, you're probably aware that a new version (1.7.8.7) was released last week. This update is particularly significant because it fixes several critical security issues that could allow an unauthorized user to access or modify data on your site.

If you're running PrestaShop 1.7.8.6, we recommend upgrading to 1.7.8.7 as soon as possible to take advantage of this security patch.

Like previous PrestaShop versions, this upgrade is recommended to keep your shop safe from attacks. Let's discuss it in more detail.

Where does the issue lie?

PrestaShop Inc has been powering eCommerce stores for years now. Unfortunately, some hostile actors exploit known and unknown security vulnerabilities to inject malicious code into PrestaShop websites, allowing them to steal customers' payment information.

Who is under attack?

- PrestaShops that are vulnerable to SQL injection attacks.
- Online eCommerce stores using outdated software or modules.
- PrestaShops that are using vulnerable third-party modules.


How does the attack work?

Based on the conversations between the developers and the eCommerce owners, the systematic method of operation looks like this:

1) The attacker makes a POST request to the endpoint vulnerable to SQL injection.
2) A GET request to the homepage with no parameters is submitted within one second by the attacker. It results in a PHP file called blm.php at the root of the eCommerce directory.
3) Finally, the attacker submits a GET request to the new file, blm.php, allowing them to perform arbitrary actions.

Fake payment forms are injected into the front office checkout page, and customers enter their credit card information into the fake form, unknowingly sending it to the attackers.

How to keep your online business safe?

- Ensure that your PrestaShop is operating on the latest version and that your modules are updated. This prevents your eCommerce store from being exposed to known and actively exploited SQL injection vulnerabilities.
- To break the attack chain, physically disabling the MySQL Smarty cache storage feature in PrestaShop code is recommended.

Bugs Fixed

- Strengthens the MySQL Smarty cache storage against code injection attacks.
- Security: Eval injection if the shop is vulnerable to an SQL injection.

Reminder: Keep your PrestaShop version updated to prevent such attacks. Don't forget to regularly check for updates related to your PrestaShop software, modules, and server environment.
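The three-request sequence described under "How does the attack work?" can be searched for in web server access logs. The following is an added example, not code from PrestaShop or from the original article; it assumes common/combined log format and that all three requests come from the same client IP, and it runs on a constructed sample log with a hypothetical module path.

```python
import re
from datetime import datetime, timedelta

# Common/combined log format: ip - - [time] "METHOD path PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
DROPPED_FILE = "/blm.php"       # file name given in the article
WINDOW = timedelta(seconds=1)   # "within one second", per the article

def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path, int(status)

def find_chains(lines):
    """Flag every request for the dropped file; mark whether steps 1-2 preceded it."""
    last_post, staged, findings = {}, {}, []
    for ip, when, method, path, status in filter(None, map(parse, lines)):
        if method == "POST":                                   # step 1 candidate
            last_post[ip] = (when, path)
        elif method == "GET" and path == "/" and ip in last_post:
            post_time, post_path = last_post[ip]               # step 2: bare GET /
            if timedelta(0) <= when - post_time <= WINDOW:
                staged[ip] = post_path
        elif method == "GET" and path.split("?")[0] == DROPPED_FILE:
            post_path = staged.pop(ip, None)                   # step 3
            findings.append({"ip": ip, "time": when, "status": status,
                             "post_path": post_path,
                             "full_chain": post_path is not None})
    return findings

# Constructed sample log: documentation IPs and a hypothetical module path.
SAMPLE = [
    '203.0.113.7 - - [25/Jul/2022:10:15:02 +0000] "POST /module/examplemod/ajax HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Jul/2022:10:15:03 +0000] "GET / HTTP/1.1" 200 48211',
    '198.51.100.4 - - [25/Jul/2022:10:15:04 +0000] "GET /?id_category=3 HTTP/1.1" 200 30110',
    '203.0.113.7 - - [25/Jul/2022:10:15:09 +0000] "GET /blm.php HTTP/1.1" 200 17',
    '198.51.100.9 - - [25/Jul/2022:11:00:00 +0000] "POST /cart HTTP/1.1" 200 90',
    '198.51.100.9 - - [25/Jul/2022:11:00:30 +0000] "GET / HTTP/1.1" 200 48211',
    '192.0.2.55 - - [25/Jul/2022:12:00:00 +0000] "GET /blm.php HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in find_chains(SAMPLE):
        print(finding)
```

A 200 status on a request for the file means it exists on disk and the shop should be treated as compromised; a client that changes source address between steps appears only as a finding with `full_chain` set to `False`.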

Safest approach to upgrade your PrestaShop

With these and many other changes, PrestaShop 1.7.8.7 is a must-have update.

Be aware that managing PrestaShop on your own can invite various bugs or technical issues! Consider contacting a specialist to perform a full audit of your PrestaShop and work on it.

Being a PrestaShop partner agency, we have certified PrestaShop experts on board who can help you upgrade/update to the latest version of PrestaShop, i.e., 1.7.8.7.

Let's connect and get the needful done.
