PrestaShop Confirms Zero-Day Attacks Against E-Commerce Servers


The team behind the open-source ecommerce platform PrestaShop has published a public advisory to warn of zero-day SQL injection attacks aimed at merchant servers and capable of collecting payment information from customers.

Hackers are using a “combination of known and undisclosed security flaws” to insert malicious malware on ecommerce websites running the PrestaShop platform, according to an urgent advisory from PrestaShop. “A newly discovered exploit could allow remote attackers to take control of your store,” PrestaShop stated, adding that the security flaw could expose as many as 300,000 third-party merchants to server compromises that reveal sensitive data.

According to the PrestaShop team, the attackers seem to be targeting stores using obsolete software or modules.

Read More: PrestaShop Confirms Zero Day Attacks Hitting eCommerce Servers