Online shop operators based on PrestaShop should update the software to ensure customer security.
The PrestaShop shop system is vulnerable and attackers are currently successfully exploiting a security gap to record credit card data, for example. Updating the system will fix it.
In an article, the PrestaShop developers warn of the attacks that are currently taking place. According to them, attackers use an SQL injection vulnerability to execute their own commands in shops to gain control. According to them, stores starting with PrestaShop 1.6.0.10 are vulnerable. the Versions from 1.7.8.2 should be protected against attacks. They also point out that the Wishlist module is vulnerable in releases 2.0.0~2.1.0.
Shop operators should therefore ensure that not only the shop software but also all modules are up to date. In the warning message, the developers explain how to recognize shops that have already been compromised. The article does not state which CVE number the vulnerability has and what level of threat it poses.
