Jesse Posted October 3, 2021 Share Posted October 3, 2021 (edited) Hi PrestaShop 1.7.7.8 upgraded slowly over time from 1.7.2 PHP 7.3 Paypal Module Australia Post Module Email Verification Module The site received an order with one of the products at an odd total. The product is $98.89 for one kilogram and it sold for $44.50 on the order invoice total. I have checked the site and placed a test order and it proves working correctly the product is displayed as $98.89 https://rangeviewseeds.com/broccoli/958-677-microgreens-and-baby-leaf-broccoli-green-sprouting.html#/30-packet_size-1kg The order was for several products and their totals all came out right in the invoice I thought of a feature request however it may go against some rules and this is the include the users internet information such as browser and device with each order for internal use. The order came from the Android 11 with Chrome from the http log I will update the custom template or use the default ,it must be the cause Edited October 3, 2021 by Jesse Solved (see edit history) Link to comment Share on other sites More sharing options...
Jesse Posted October 24, 2021 Author Share Posted October 24, 2021 I have almost certainly confirmed this issue, and https://www.prestashop.com/forums/topic/1053817-missed-order-no-address/ As a hack attempt via SQL injection. This is a real weak spot i am aware a module can be purchased. There was a SQL injection security breech with Prestashop a couple versions ago however seemed unrelated to this shop as it is not running the comments module. Its seems this has started a Prestashop SQL Injection game around the internet,two outdated sites have been affected from observation. One has a 600mb SQL database Link to comment Share on other sites More sharing options...
Jesse Posted October 27, 2021 Author Share Posted October 27, 2021 On 10/24/2021 at 2:14 PM, Jesse said: I have almost certainly confirmed this issue, and https://www.prestashop.com/forums/topic/1053817-missed-order-no-address/ As a hack attempt via SQL injection. This is a real weak spot i am aware a module can be purchased. There was a SQL injection security breech with Prestashop a couple versions ago however seemed unrelated to this shop as it is not running the comments module. Its seems this has started a Prestashop SQL Injection game around the internet,two outdated sites have been affected from observation. One has a 600mb SQL database It is not a Prestashop's Security fault,it was an outdated computer used to access the admin. I will be moving this business to Ubuntu Linux for accessing the admin Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now