1 hour ago, Doopiempd said:You are full of sh*t in this post and you know it. We provided all evidence on a silver plate. And now you are denying and still NOT give people information.
Pathetic attempt to brush it off.
I think it is important for us to get all the information first before accusing Prestashop. I understand your frustration but as @Thierry L posted earlier, CVE-2025-69633 does allow SQL Injection and in turn "Retrieve administrator credentials and ultimately obtain admin access to BackOffice". If this is how they are getting in, upgrading the module code:
- OR FIND_IN_SET("' . $controller . '", `controller_exceptions`))';
+ OR FIND_IN_SET("' . pSQL($controller) . '", `controller_exceptions`))';
Line ~371
Line ~986
would fix the issue and stop the compromise re-occurring (assuming this is how the site was compromised).
If @venditdevs confirms the client had the "Advanced Popup Creator" module installed, this may explain how the compromise occurred.