Malicious actors are exploiting a previously unknown vulnerability in the open-source e-commerce platform PrestaShop to inject skimmer code designed to harvest sensitive information.
“Attackers found a way to exploit a vulnerability to execute arbitrary code on servers running PrestaShop websites,” the company noted in an advisory published July 22.
PrestaShop is marketed as the leading open source e-commerce solution in Europe and Latin America and is used by nearly 300,000 online retailers worldwide.
The infections aim to introduce malicious code capable of stealing payment information entered by customers on checkout pages. Shops using outdated versions of the software or other vulnerable third-party modules seem to be the main targets.
PrestaShop maintainers also said they found a zero-day bug in their service, which they believe has been fixed in version 184.108.40.206, although they warned that “we cannot be sure that this is the only possibility for them to carry out the attack.”
“This security fix strengthens MySQL Smarty’s cache against code injection attacks,” noted PrestaShop. “This legacy feature will be retained for backwards compatibility and will be removed from future PrestaShop releases.”
The issue in question is a SQL injection vulnerability affecting versions 220.127.116.11 or later, tracked as CVE-2022-36408.
Successful exploitation of the flaw could allow an attacker to send a specially crafted request that would allow the execution of arbitrary instructions, in this case inserting a fake payment form on the checkout page to collect credit card information.
The development follows a wave of Magecart attacks targeting restaurant ordering platforms MenuDrive, Harbortouch and InTouchPOS, resulting in at least 311 restaurants being compromised.