PrestaShop 1.7.8.7 is out to fix major security vulnerability

1. PrestaShop PrestaShop 1.7.8.7 1.7.8.7 is is out out to to F Fix ix M Major ajor S Security ecurity V Vulnerability ulnerability Web: Web: www.nethues.com www.nethues.com Email Email: : info@ info@nethues nethues.com .com Copyright © 2022 Nethues Technologies (P) Ltd

2. If you run an eCommerce store on PrestaShop, you’re probably aware that a new version (1.7.8.7) was released last week. This update is particularly significant because it fixes several critical security issues that could allow an unauthorized user to access or modify data on your site. If you’re running PrestaShop 1.7.8.6, we recommend upgrading to 1.7.8.7 as soon as possible to take advantage of this security patch. Like previous PrestaShop versions, this upgrade is recommended to keep your shop safe from attacks. Let’s discuss more about it. Where Where the the issue issue lies? lies? PrestaShop Inc. has been powering eCommerce stores for years now. Unfortunately, some hostile performers exploit known and unknown security vulnerabilities to inject malicious code into PrestaShop websites, making them steal customers’ payment information. Who Who are are under under attack? attack?  PrestaShops that are vulnerable to SQL injection attacks.  Online eCommerce store using outdated software or modules.  PrestaShops that are using vulnerable third-party modules. Copyright © 2022 Nethues Technologies (P) Ltd

3. How How does does the the attack attack work? work? Based on the conversations between the developers and the eCommerce owners, the systematic method of operation looks like this: 1) The attacker makes a POST request to the endpoint vulnerable to SQL injection. 2) A GET request to the homepage with no parameters is submitted within one second by the attacker. It results in a PHP file called blm.php at the root of the eCommerce directory. 3) Finally, the attacker submits a GET request to the new file, blm.php, allowing them to perform random activities. Fake payment forms are injected into the front-office checkout page, and the customers fill their credit card information on the artificial form, unknowingly sending it to the attackers. How How to to keep keep your your online online business business safe? safe?  Ensure that your PrestaShop is operating on the latest version and that your modules are updated. Thus, preventing your eCommerce from being exposed to known and actively exploited SQL injection vulnerabilities.  To break the attack chain, physically disabling the MySQL Smarty cache storage feature in PrestaShop code is recommended. Bugs Bugs Fixed Fixed  Strengthens the MySQL Smarty cache storage against code injection attacks.  Security.  Eval injection if the shop is vulnerable to an SQL injection. Reminder: Keep your PrestaShop version updated to prevent such attacks. Don’t forget to regularly check for updates related to your PrestaShop software, modules, and server environment. Copyright © 2022 Nethues Technologies (P) Ltd

4. Safest Safest approach approach to to upgrade upgrade your your PrestaShop PrestaShop With these and many other changes, PrestaShop 1.7.8.7 is a must-have update. Be aware that managing PrestaShop on your own can invite various bugs or technical issues! Consider contacting a specialist to perform a full audit of your PrestaShop and work on it. Being a PrestaShop partner agency, we have certified PrestaShop experts on board who can help you upgrade/update to the latest version of PrestaShop,i.e., 1.7.8.7. Let’s connect and get the needful done. Copyright © 2022 Nethues Technologies (P) Ltd