Sunday, July 21, 2024
EHA

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the “Facebook” module (pkfacebook) from Promokit.eu for PrestaShop.

The vulnerability, CVE-2024-36680, allows a guest to perform SQL injection attacks on affected module versions.

CVE-2024-36680 – Vulnerability Details

The vulnerability stems from the Ajax script, which contains a sensitive SQL call that can be executed with a trivial HTTP call.

Attackers can exploit this vulnerability to forge SQL injection attacks and gain unauthorized access to the associated PrestaShop database.

According to the module’s author, Promokit.eu, the exact versions impacted by this vulnerability are unknown, as it was introduced long ago.

The author has refused to provide the latest version so that security researchers can verify whether the issue has been fully resolved.

Scan Your Business Email Inbox to Find Advanced Email Threats - Try AI-Powered Free Threat Scan

As a precautionary measure, all module versions should be considered potentially vulnerable.

Active Exploitation and Warnings

Alarmingly, malicious actors are actively using this exploit to deploy webskimmers, which are designed to steal credit card information from unsuspecting customers.

PrestaShop website owners are urged to take immediate action to mitigate the risk of data theft and unauthorized access.

Mitigation and Recommendations

To protect PrestaShop installations from this vulnerability, upgrading to the latest version of the pkfacebook module is highly recommended.

Additionally, PrestaShop users should consider the following security measures:

  1. Upgrade PrestaShop to the latest version to disable multi-query executions and enhance overall security.
  2. Ensure that the pSQL function, which includes, is properly implemented to protect against Stored XSS vulnerabilities.
  3. Change the default database prefix ps_ to a longer, arbitrary prefix to make it more difficult for attackers to guess.
  4. OWASP 942’s rules on a Web Application Firewall (WAF) will be activated to strengthen security further while being aware of potential conflicts with the back office functionality.

PrestaShop website owners are advised to address this critical vulnerability swiftly and implement the recommended security measures to safeguard their online stores and protect customer data from potential breaches.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free

Website

Latest articles

Hackers Claiming Dettol Data Breach: 453,646 users Impacted

A significant data breach has been reported by a threat actor known as 'Hana,'...

CrowdStrike Update Triggers Widespread Windows BSOD Crashes

A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users,...

Operation Spincaster Disrupts Approval Phishing Technique that Drains Victim’s Wallets

Chainalysis has launched Operation Spincaster, an initiative to disrupt approval phishing scams that have...

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...
Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles