What Is PrestaShop’s Latest Security Vulnerability and How to Fix It?
How the Latest PrestaShop Vulnerability Impacts Online Stores
PrestaShop has recently found a major security vulnerability in the core PrestaShop software. It affects PrestaShop websites that run old versions or have custom code that is vulnerable to SQL injection. Attackers exploit the flaw through SQL injection to create a file (blm.php) in the root folder, and then direct customers to a fake checkout page that sends the customer's payment to the hacker’s account. This is a major vulnerability.
We advise all PrestaShop website owners to update their shops to the latest version of PrestaShop to avoid hacking attacks.
The PrestaShop team has issued a security patch in the form of an upgraded version of PrestaShop. It can be applied to the latest versions of PrestaShop. However, any merchant running an older version of PrestaShop is more vulnerable to the attack and must upgrade their website to the latest version of PrestaShop.
However, if your store has already been attacked by hackers, the patch may not help. This is what the PrestaShop email says:
Please note that this patch solves the vulnerability identified by PrestaShop, but if a store has already been attacked by hackers, the patch won’t restore its security. We recommend contacting a specialist to perform an audit on your shop, determine if it has been attacked, and perform the necessary clean-up if required.
PrestaShop code maintainers have also advised keeping your PrestaShop installations upgraded to the latest version and regularly updating the modules to fend off the hackers.
This becomes even more important for merchants managing multiple storefronts, where proper configuration of PrestaShop multi-store management helps prevent security loopholes across different shops.
Here is what PrestaShop says about keeping your store updated.
PrestaShop wants to stress out the importance of keeping systems updated to keep stores safe from attacks. This means regularly updating both the PrestaShop platform and its modules, as well as server environments.
If your store needs the security patch or an upgrade, you can get in touch with us. We are an experienced PrestaShop development team that has been building and maintaining PrestaShop websites for 10+ years.
Our team can help you at multiple levels. Firstly, by detecting if your website is hacked. If not hacked, we can upgrade your website to the latest PrestaShop version to avoid the attack. In case it is attacked, we can sanitize your website and fortify it with security patches to avoid future attacks.
For more information on the bug, please click here.
To learn more about the patch, please click here.
FAQ
What is the latest security vulnerability in PrestaShop?
The latest PrestaShop security vulnerability is related to an SQL injection flaw in older or custom-coded versions, allowing hackers to create malicious files and redirect customers to fake checkout pages.
How does the PrestaShop SQL injection vulnerability affect stores?
This vulnerability can let attackers inject malicious code, create unauthorized files like blm.php, and redirect customer payments to fraudulent accounts, putting store data and revenue at risk.
How can I fix the latest PrestaShop security vulnerability?
You can fix the vulnerability by upgrading to the latest PrestaShop version, applying the official security patch, updating all modules, and ensuring your server environment is properly secured.
Will upgrading PrestaShop fix a hacked store?
Upgrading alone may not fix a store that has already been hacked. In such cases, a full security audit, malware cleanup, and additional hardening measures are required to restore store security.
How can I prevent future security issues in PrestaShop?
To prevent future security issues, keep PrestaShop and modules updated, avoid vulnerable custom code, monitor file changes regularly, and follow recommended ecommerce security best practices.
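One way to monitor file changes and check for the blm.php file described above, shown as an added example that is not part of the original post or of PrestaShop itself. It assumes you have unpacked a clean copy of the same PrestaShop release, plus the modules and theme you actually use, into a second directory; the function names and sample file names are hypothetical.

```shell
#!/bin/sh
# Added example, not PrestaShop tooling: diff a live shop root against a clean
# reference copy. Function names and directory layout are assumptions.

# Sorted relative paths of every PHP file under directory $1.
list_php() {
    (cd "$1" && find . -type f -name '*.php' | sed 's|^\./||' | LC_ALL=C sort)
}

# PHP files present in the live tree ($1) but absent from the clean tree ($2).
unexpected_php() {
    a=$(mktemp); b=$(mktemp)
    list_php "$1" > "$a"; list_php "$2" > "$b"
    LC_ALL=C comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# PHP files that exist in both trees but whose contents differ.
changed_php() {
    list_php "$2" | while IFS= read -r f; do
        [ -f "$1/$f" ] || continue
        cmp -s "$1/$f" "$2/$f" || printf '%s\n' "$f"
    done
}

# Print a report; return 1 when anything needs a human look.
audit_shop() {
    extra=$(unexpected_php "$1" "$2"); changed=$(changed_php "$1" "$2"); rc=0
    if [ -f "$1/blm.php" ]; then echo "INDICATOR: blm.php in shop root"; rc=1; fi
    if [ -n "$extra" ]; then printf '%s\n' "$extra" | sed 's/^/UNEXPECTED: /'; rc=1; fi
    if [ -n "$changed" ]; then printf '%s\n' "$changed" | sed 's/^/CHANGED: /'; rc=1; fi
    return "$rc"
}

# Constructed sample: a clean tree and a live tree with two planted differences.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/clean/lib" "$d/live/lib"
    echo '<?php // entry point' > "$d/clean/index.php"
    echo '<?php // helper' > "$d/clean/lib/util.php"
    cp "$d/clean/index.php" "$d/live/index.php"
    echo '<?php // helper, altered' > "$d/live/lib/util.php"
    echo '<?php // stand-in for a dropped file' > "$d/live/blm.php"
    echo "$d"
}

# Usage: sh audit.sh /path/to/live/shop /path/to/clean/copy
if [ "$#" -eq 2 ]; then audit_shop "$1" "$2"; fi
```

A clean report only covers PHP files on disk; it does not replace the audit that the PrestaShop notice recommends for a store that may already have been attacked.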
Shikha Dhingra
Shikha is a successful team lead of WebGarh’s PrestaShop and e-commerce developers who is always ready to help her juniors and colleagues, drawing on her 10-year journey as a developer and team lead. In her blogs, readers can get insights into her work and learn why she has made a special place here.