"Invalid token" when editing a brand

[fusioneat]

 

Hi everyone,

I'm having a serious issue on my PrestaShop 1.7.6.9 installation when trying to edit a brand (manufacturer) from the back office.

Whenever I click "Edit" on a brand, I’m redirected to the warning page:

"Token not valid"

And even if I click "Yes, I understand the risk", the page just reloads without allowing any modification. No changes can be made. In some cases, I also receive an "Invalid token" error.

 

PrestaShop version: 1.7.6.9 and PHP version: 7.3

Back office URL: /adminXXX/index.php/sell/catalog/brands/...

What I've already tried:

Changed browser (Chrome, Firefox, Edge, Safari)

Cleared browser cache and cookies

Cleared PrestaShop cache from the back office

This is the url when i try to modify a brand:

https://www.fusioneat.it/admin123/index.php/security/compromised?uri=https%3A%2F%2Fwww.fusioneat.it%2Fadmin123%2Findex.php%2Fsell%2Fcatalog%2Fbrands%2F241%2Fedit&_token=E7RKITYIRwL3AwzDUwTbHRxQVRPRvVqVtn3K37Vp_2A

PrestaShop 1.7.6.9 (PHP 7.3)

 

Thaks in advance

[Prestashop Addict]

Your actual PHP version is not supported by your PS version. You should downgrade to PHP 7.2.
   

[fusioneat]

Same problem with PHP 7.2..

[El Patron]

This behavior is not native to PrestaShop.
It strongly suggests:

• There is either a security module or override installed,
• Or your PrestaShop install may have a custom security feature (possibly added by your host, a previous developer, or a module).

1. Check for Security Modules

Go to Modules > Module Manager in your back office.
Look for modules like:

• "Security"
• "Admin Security"
• "Access Control"
• "Back Office Guard"
• Anything with "Firewall", "Protector", "Secure", "Admin Tools", "Security Patch", "Compromised", etc.
• Disable these modules one by one, then clear cache and try to edit the brand again after each.

2. Look for Custom Admin Overrides

• Check these locations in your shop’s files for anything related to "security" or "compromised":
• /override/controllers/admin/
• /controllers/admin/
• /admin123/ (your custom admin folder)
• /modules/

3. Search for any files that contain "compromised" in their name or content.

Check .htaccess or Custom Redirects

Open your .htaccess file (in your shop root and in /admin123/).
Look for any custom rules involving /security/compromised or blocking certain URLs.

4. Check Host Security Tools

Some web hosts (especially Italian and Spanish hosts) add their own admin/back office protection (like [SiteGround’s SG Site Scanner, Aruba Security Suite, etc.]). If you see any such tool in your hosting panel, temporarily disable it and re-test.

5. Look for Hacked Files

Although this could be a genuine security module, sometimes this redirect is a result of a hack or infected override to block admin activity.

• Check if any recent files were modified in /admin123/ or /override/ or /modules/.
• Look for new or unfamiliar files (especially with random names or that appeared recently).