PrestaShop is Released. Major Security Vulnerability Fixed

If you have an eCommerce store on PrestaShop, you should know that a new version ( was released last week. This update is important because it fixes several critical security issues that could allow someone to access or modify your data without permission.

 If you are running PrestaShop, we recommend that you upgrade to PrestaShop as soon as possible to take advantage of its security patch. This Prestashop upgrade is recommended in order to keep your shop safe from cyber attacks.

 Let’s talk more about it.

About the challenge

The PrestaShop team has been working on eCommerce stores for a long time. Unfortunately, some people who want to harm businesses do this by exploiting security vulnerabilities in PrestaShop websites and making them steal customers’ payment information. 

Are you looking fo a certified
Developer for your project?

What businesses are vulnerable to this attack?

    • PrestaShops that are vulnerable to SQL injections.
    • PrestaShops that are un-updated or using outdated modules
  • PrestaShops that are using un-verified 3rd-party modules    

 How PrestaShops are attacked?

The developers and the eCommerce owners have been talking about how the system should work. It seems like this is how it will go:

  1. The attacker sends a request to the endpoint that is vulnerable to SQL injection.
  2. The attacker submits a GET request to the homepage without any parameters. This request happens within one second. As a result, a PHP file called blm.php is created at the root of the eCommerce directory.
  3. The attacker submits a request to the new file, blm.php, which allows them to do random activities.
  4. Hackers inject fake payment forms into checkout pages on the front office website. Customers fill in their credit card information on the fake form, unknowingly sending it to the hackers.

Tips to keep your PrestaShop secure?

  • Make sure your PrestaShop is using the latest version. This will help prevent your eCommerce from being exposed to known and actively exploited SQL injection vulnerabilities. Also, make sure your modules are up to date.
  • To break the attack chain, it is recommended that you disable the MySQL Smarty cache storage feature in PrestaShop code.

Finding professionals who can support, fix, and maintain your PrestaShop?

Let’s Talk

Improvements in PrestaShop

  • MySQL Smarty cache storage is stronger against code injection attacks.
  • If the shop is vulnerable to an SQL injection, then we can evaluate the injection.

Important Note:  Make sure to keep your PrestaShop software up to date. This will help you prevent attacks like this from happening. Be sure to check for updates regularly, including updates to your PrestaShop software, modules, and server environment.

Best way to upgrade your PrestaShop to V1.7.8.7

If you want to use the latest version of PrestaShop,, be aware that it has some new changes. Keep in mind that if you try to manage PrestaShop on your own, you may run into some problems! It’s a good idea to contact a specialist who can do a full audit of your PrestaShop and work on any issues you may have.

We are a PrestaShop Development agency. We have experts who can help you upgrade/update to the latest version of PrestaShop, which is Let’s connect and get this done for you.

Share On Facebook
Share On Twitter
Share On Linkedin

We hope you enjoy reading this blog post.

If you want a free audit of your Prestashop project click here

Related Blogs

  • Migrating-Prestashop-store-to-another-domain

    Tips for Migrating PrestaShop Store to Another Domain

    There are various reasons a company changes the domain name of the website. For example, an eCommerce store running for years might have changed its

    Read More