{"id":2703,"date":"2022-08-05T13:28:27","date_gmt":"2022-08-05T13:28:27","guid":{"rendered":"https:\/\/www.nethues.com\/blog\/?p=2703"},"modified":"2023-07-17T10:10:08","modified_gmt":"2023-07-17T10:10:08","slug":"prestashop-1-7-8-7-security-vulnerability","status":"publish","type":"post","link":"https:\/\/www.nethues.com\/blog\/prestashop-1-7-8-7-security-vulnerability\/","title":{"rendered":"PrestaShop 1.7.8.7 is Out to Fix Major Security Vulnerability"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">If you run an eCommerce store on PrestaShop, you\u2019re probably aware that the latest version, PrestaShop 1.7.8.7, was released on 25 July 2022.<\/span><\/p>\n<p style=\"text-align: justify;\">This update is particularly significant because it fixes several critical security issues that could allow an unauthorized user to access or modify data on your site. If you&#8217;re running PrestaShop 1.7.8.6, we recommend upgrading to 1.7.8.7 as soon as possible to take advantage of this security patch.<\/p>\n<p style=\"text-align: justify;\">Like previous versions, this <a href=\"https:\/\/www.nethues.com\/prestashop-upgrade\" target=\"_blank\" rel=\"noopener\">PrestaShop upgrade<\/a> is recommended to keep your shop safe from attacks.<br \/>\nLet\u2019s look at it in more detail.<\/p>\n<h2 id=\"test2\"><span class=\"ez-toc-section\" id=\"Where_the_Issue_Lies\"><\/span>Where the Issue Lies?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>PrestaShop Inc. has been powering eCommerce stores for years now. 
Unfortunately, some hostile actors exploit known and unknown security vulnerabilities to inject malicious code into PrestaShop websites, enabling them to steal customers&#8217; payment information.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Who_are_Under_Attack\"><\/span>Who Is Under Attack?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>PrestaShop stores that are vulnerable to SQL injection attacks.<\/li>\n<li>Online eCommerce stores using outdated software or modules.<\/li>\n<li>PrestaShop stores that are using vulnerable third-party modules.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"How_Does_the_Attack_Work\"><\/span>How Does the Attack Work?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\">Based on the conversations between the developers and the eCommerce owners, the attackers&#8217; method of operation looks like this:<\/p>\n<ul>\n<li style=\"text-align: justify;\">The attacker makes a POST request to the endpoint vulnerable to SQL injection.<\/li>\n<li 
style=\"text-align: justify;\">Within one second, the attacker submits a GET request to the homepage with no parameters. This results in a PHP file called blm.php being created at the root of the shop&#8217;s directory.<\/li>\n<li style=\"text-align: justify;\">Finally, the attacker submits a GET request to the new file, blm.php, allowing them to perform arbitrary actions.<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">Fake payment forms are then injected into the front-office checkout page, and customers enter their credit card information in the fake form, unknowingly sending it to the attackers.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_to_Keep_Your_Online_Business_Safe\"><\/span><strong>How to Keep Your Online Business Safe?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><b>Update to the Latest PrestaShop Version<\/b><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Ensure that your PrestaShop is running the latest version and that your modules are up to date. This prevents your store from being exposed to known and actively exploited SQL injection vulnerabilities.<\/span><\/p>\n<p><b>Disable MySQL Smarty cache<\/b><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">To break the attack chain, physically disabling the MySQL Smarty cache storage feature in the PrestaShop code is recommended.<\/span><\/p>\n<p><b>Perform Regular Checks<\/b><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Your store requires regular checks and security scans to identify and eliminate potential malicious code, viruses, hidden spam links, and spam pages. 
It is vital to remove all sources of vulnerabilities for strengthened security.<\/span><\/p>\n<p><b>Update to Strong Passwords Regularly<\/b><\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-3512 \" src=\"https:\/\/www.nethues.com\/blog\/app\/uploads\/2022\/08\/frequency-creating.png\" alt=\"frequency-creating\" width=\"567\" height=\"271\" srcset=\"https:\/\/www.nethues.com\/blog\/app\/uploads\/2022\/08\/frequency-creating.png 512w, https:\/\/www.nethues.com\/blog\/app\/uploads\/2022\/08\/frequency-creating-300x144.png 300w\" sizes=\"(max-width: 567px) 100vw, 567px\" \/><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">It might seem trivial, but updating to strong store passwords regularly acts as the first line of defense against various forms of hacking. Mandating strong passwords will become one of the standard web features in 2023.<\/span><\/p>\n<p><b>Ensure SSL Certificate Integration<\/b><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">SSL stands for Secure Sockets Layer, and as the name suggests, it offers an added layer of security to websites, web apps, mobile apps, and other software. A site with SSL encrypts the data exchanged between the web server and the user. This helps to secure sensitive data like credit card details, customer personal information, usernames, passwords, etc.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">You can easily check whether your website has an SSL certificate or if you need to integrate one. Simply open the website in a browser. A website with an SSL certificate shows a green or black padlock icon in the address field right before the store address. 
<\/span><\/p>\n<h2 class=\"block-text-blog\"><span class=\"ez-toc-section\" id=\"Bugs_Fixed\"><\/span>Bugs Fixed<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>Strengthens the MySQL Smarty cache storage against code injection attacks.<\/li>\n<li>Security.<\/li>\n<li>Eval injection if the shop is vulnerable to an SQL injection.<\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><strong>Reminder:<\/strong> Keep your PrestaShop version updated to prevent such attacks. Don&#8217;t forget to regularly check for updates related to your PrestaShop software, modules, and server environment.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Safest_Approach_to_Upgrade_Your_PrestaShop\"><\/span>Safest Approach to Upgrade Your PrestaShop<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\">With these and many other changes, <a href=\"https:\/\/build.prestashop.com\/news\/prestashop-1-7-8-7-maintenance-release\/\" target=\"_blank\" rel=\"nofollow noopener\">PrestaShop 1.7.8.7<\/a> is a must-have update.<\/p>\n<p style=\"text-align: justify;\">Be aware that managing PrestaShop on your own can invite various bugs or technical issues! 
Consider contacting a specialist to perform a full audit of your PrestaShop and work on it.<\/p>\n<p style=\"text-align: justify;\">Being a PrestaShop partner agency, we have <a href=\"https:\/\/www.nethues.com\/hire-prestashop-developer\" target=\"_blank\" rel=\"noopener\">certified PrestaShop experts<\/a> on board who can help you upgrade\/update to the latest version of PrestaShop, i.e., 1.7.8.7.<\/p>\n<p style=\"text-align: justify;\">Let&#8217;s connect and get the needful done.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Frequently_Asked_Questions\"><\/span><strong>Frequently Asked Questions<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><b>Q1. 
Why do you need PrestaShop login security?<\/b><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">PrestaShop login security with two-factor authentication (2FA) eliminates the risks associated with compromised passwords. Even if a user&#8217;s password has been hacked, guessed, or phished, the attacker fails to log in. Login is successful only after the approval of the second factor.<\/span><\/p>\n<p><b>Q2. How to manually upgrade your PrestaShop?<\/b><\/p>\n<p><span style=\"font-weight: 400;\">A manual upgrade of a PrestaShop store involves the following steps:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Download PrestaShop&#8217;s latest version<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Go to the compressed archive and extract files<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Further, switch the store to the maintenance mode<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Disable caching<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Next, copy the files to the server<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Update your database<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Eliminate the &#8220;Install&#8221; folder<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Update forms<\/span><\/li>\n<\/ul>\n<p><b>Q3. 
How to set up PrestaShop multistore?<\/b><\/p>\n<p><span style=\"font-weight: 400;\">To enable multiple stores in PrestaShop, you need to do the following:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Navigate to the shop parameters<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Go to General<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Now enable the Multistore option<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">This creates a multishop tab under the advanced parameters section.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you run an eCommerce store on PrestaShop, you\u2019re probably aware that the latest version- PrestaShop 1.7.8.7- was released on 25 July 2022. This update&#8230;<\/p>\n","protected":false},"author":10,"featured_media":2704,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"blog-two-sidebar.php","format":"standard","meta":[],"categories":[30],"tags":[332,307,308,339],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Prestashop 1.7.8.7 Is Released | Major Security Bugs Fixed<\/title>\n<meta name=\"description\" content=\"Prestashop 1.7.8.7 is released - All the major and minor security bugs has been fixed. 
To know more read this blog\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.nethues.com\/blog\/prestashop-1-7-8-7-security-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Prestashop 1.7.8.7 Is Released | Major Security Bugs Fixed\" \/>\n<meta property=\"og:description\" content=\"Prestashop 1.7.8.7 is released - All the major and minor security bugs has been fixed. To know more read this blog\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.nethues.com\/blog\/prestashop-1-7-8-7-security-vulnerability\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-05T13:28:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-17T10:10:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.nethues.com\/blog\/app\/uploads\/2022\/08\/Nethues-Blog-Image-PrestaShop-1.7.8.7-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1215\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Himanshu Rehani\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Himanshu Rehani\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Prestashop 1.7.8.7 Is Released | Major Security Bugs Fixed","description":"Prestashop 1.7.8.7 is released - All the major and minor security bugs has been fixed. 
To know more read this blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.nethues.com\/blog\/prestashop-1-7-8-7-security-vulnerability\/","og_locale":"en_US","og_type":"article","og_title":"Prestashop 1.7.8.7 Is Released | Major Security Bugs Fixed","og_description":"Prestashop 1.7.8.7 is released - All the major and minor security bugs has been fixed. To know more read this blog","og_url":"https:\/\/www.nethues.com\/blog\/prestashop-1-7-8-7-security-vulnerability\/","article_published_time":"2022-08-05T13:28:27+00:00","article_modified_time":"2023-07-17T10:10:08+00:00","og_image":[{"width":2560,"height":1215,"url":"https:\/\/www.nethues.com\/blog\/app\/uploads\/2022\/08\/Nethues-Blog-Image-PrestaShop-1.7.8.7-scaled.jpg","type":"image\/jpeg"}],"author":"Himanshu Rehani","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Himanshu Rehani","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.nethues.com\/blog\/prestashop-1-7-8-7-security-vulnerability\/","url":"https:\/\/www.nethues.com\/blog\/prestashop-1-7-8-7-security-vulnerability\/","name":"Prestashop 1.7.8.7 Is Released | Major Security Bugs Fixed","isPartOf":{"@id":"https:\/\/www.nethues.com\/blog\/#website"},"datePublished":"2022-08-05T13:28:27+00:00","dateModified":"2023-07-17T10:10:08+00:00","author":{"@id":"https:\/\/www.nethues.com\/blog\/#\/schema\/person\/ab46a9b65922dd757e441e13b59df073"},"description":"Prestashop 1.7.8.7 is released - All the major and minor security bugs has been fixed. 
To know more read this blog","breadcrumb":{"@id":"https:\/\/www.nethues.com\/blog\/prestashop-1-7-8-7-security-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.nethues.com\/blog\/prestashop-1-7-8-7-security-vulnerability\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.nethues.com\/blog\/prestashop-1-7-8-7-security-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.nethues.com\/blog\/"},{"@type":"ListItem","position":2,"name":"PrestaShop 1.7.8.7 is Out to Fix Major Security Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/www.nethues.com\/blog\/#website","url":"https:\/\/www.nethues.com\/blog\/","name":"","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.nethues.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.nethues.com\/blog\/#\/schema\/person\/ab46a9b65922dd757e441e13b59df073","name":"Himanshu Rehani","description":"Holding the position of a software developer, Himanshu started off his career with Nethues five years back. 
Since then, he has put in every effort to learn and grow into a full-fledged developer.","url":"https:\/\/www.nethues.com\/blog\/author\/himanshurehani\/"}]}},"_links":{"self":[{"href":"https:\/\/www.nethues.com\/blog\/wp-json\/wp\/v2\/posts\/2703"}],"collection":[{"href":"https:\/\/www.nethues.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nethues.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nethues.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nethues.com\/blog\/wp-json\/wp\/v2\/comments?post=2703"}],"version-history":[{"count":29,"href":"https:\/\/www.nethues.com\/blog\/wp-json\/wp\/v2\/posts\/2703\/revisions"}],"predecessor-version":[{"id":3519,"href":"https:\/\/www.nethues.com\/blog\/wp-json\/wp\/v2\/posts\/2703\/revisions\/3519"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.nethues.com\/blog\/wp-json\/wp\/v2\/media\/2704"}],"wp:attachment":[{"href":"https:\/\/www.nethues.com\/blog\/wp-json\/wp\/v2\/media?parent=2703"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nethues.com\/blog\/wp-json\/wp\/v2\/categories?post=2703"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nethues.com\/blog\/wp-json\/wp\/v2\/tags?post=2703"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}