PrestaShop Zero-Day
by Artie Kaye
The software for online sellers has a vulnerability which can allow customer data to be taken by malicious parties. PrestaShop strongly urges its users to update their software and all modules used as soon as possible. The company states their latest instance of the software does not display the exploit being usable. The attacks make use of MySQL Smarty cache storage. Even if turned off, it can be remotely turned on by the attacker. If the function is not being used, the company recommends removing it to help mitigate. If you use this software, get in touch with your support and update and take appropriate actions.
The flaw is listed as CVE-2022-36408.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)