gusman126 Posted August 26, 2020 Share Posted August 26, 2020 (edited) I have at least 2 clients who have been infected and uploaded files with viruses. Prestashop versions. 1.7.4.4 and 1.7.6.1. Verification of PHPINIT and everything correct, it is not this problem or bug For now none with a version higher than 1.7.6.5 I have the infected files if someone wants to see them. Only by MP Edited August 28, 2020 by gusman126 (see edit history) Link to comment Share on other sites More sharing options...
JBW Posted August 28, 2020 Share Posted August 28, 2020 There might be modules that have security holes as theses files are unders modules folder. For example: By the way, there are multiple other security related bugs that got fixed only with latest Prestashop versions - check the changelogs 1 Link to comment Share on other sites More sharing options...
Cablando Posted September 4, 2020 Share Posted September 4, 2020 (edited) I confirm that Explorer Pro module allows uncontrolled remote file upload. So it's easy to hack a PS using that module. Also the sampledatainstall and colorpictures modules are vulnerable. I cleaned lots of PS hacked through them. Edited September 9, 2020 by Cablando (see edit history) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now