PrestaShop is out to fix major security vulnerability

Published by - Himanshu Rehani | 05th Aug 2022

If you run an eCommerce store on PrestaShop, you’re probably aware that a new version ( was released last week.
This update is particularly significant because it fixes several critical security issues that could allow an unauthorized user to access or modify data on your site.
If you’re running PrestaShop, we recommend upgrading to as soon as possible to take advantage of this security patch.
Like previous versions, this PrestaShop upgrade is recommended to keep your shop safe from attacks.
Let’s discuss more about it.

Where the issue lies?

PrestaShop Inc. has been powering eCommerce stores for years now. Unfortunately, some hostile performers exploit known and unknown security vulnerabilities to inject malicious code into PrestaShop websites, making them steal customers’ payment information.

Who are under attack?

  • PrestaShops that are vulnerable to SQL injection attacks.
  • Online eCommerce store using outdated software or modules.
  • PrestaShops that are using vulnerable third-party modules.

How does the attack work?

 Based on the conversations between the developers and the eCommerce owners, the systematic method of operation looks like this:

1. The attacker makes a POST request to the endpoint vulnerable to SQL injection.
2. A GET request to the homepage with no parameters is submitted within one second by the attacker. It results in a PHP file called blm.php at the root of the eCommerce directory.
3. Finally, the attacker submits a GET request to the new file, blm.php, allowing them to perform random activities.

Fake payment forms are injected into the front-office checkout page, and the customers fill their credit card information on the artificial form, unknowingly sending it to the attackers.

How to keep your online business safe?

  • Ensure that your PrestaShop is operating on the latest version and that your modules are updated. Thus, preventing your eCommerce from being exposed to known and actively exploited SQL injection vulnerabilities.
  • To break the attack chain, physically disabling the MySQL Smarty cache storage feature in PrestaShop code is recommended.

We can help you fix, maintain, and upkeep your PrestaShop


Bugs Fixed

  • Strengthens the MySQL Smarty cache storage against code injection attacks.
  • Security.
  • Eval injection if the shop is vulnerable to an SQL injection.

Reminder:  Keep your PrestaShop version updated to prevent such attacks. Don’t forget to regularly check for updates related to your PrestaShop software, modules, and server environment.

Safest approach to upgrade your PrestaShop

With these and many other changes, PrestaShop is a must-have update.

Be aware that managing PrestaShop on your own can invite various bugs or technical issues! Consider contacting a specialist to perform a full audit of your PrestaShop and work on it.

Being a PrestaShop partner agency, we have certified PrestaShop experts on board who can help you upgrade/update to the latest version of PrestaShop,i.e.,

Let’s connect and get the needful done.

Author’s Bio

Himanshu Rehani - Sr. Software Developer

Holding the position of a software developer, Himanshu started off his career with Nethues five years back. Since then, he has put in every effort to learn and grow into a full-fledged developer.

Read more posts by

Stay Updated

We regularly share new tech updates, blogs, articles and industry insights. If you enjoy reading them to grow your knowledge! Drop your email address and hit the subscribe button.

Want to hire certifiedPrestaShop developer for your project?

Let's Talk