Critical security vulnerability in PrestaShop modules found

PrestaShop is very secure and vulnerabilities are very rare indeed, but here we are: a new security vulnerability has recently been found in PrestaShop modules.

It apparently affects a wide range of PrestaShop versions, from 1.5 up to 1.7. The problem seems to be in PHPUnit versions, at least for certain server configurations.

How to tell if you have the vulnerability and have been affected

Connect to your shop via FTP or shell access, and look at the “vendor” directory in the main PrestaShop folder and inside each one of your modules:

<prestashop_directory>/vendor
<prestashop_directory>/modules/<module_name>/vendor

If there’s a directory called “phpunit” inside the aforementioned directories, your shop may be vulnerable.

Warning: don’t touch anything else or you might break your shop. Other files and folders (e.g. /vendor/symfony/symfony/src/Symfony/Bridge/PhpUnit/ or .xml files) are safe; do not delete them.
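The check described above can be scripted. The following is an added example, not part of the original post or of PrestaShop: a read-only shell script that lists "phpunit" directories found directly inside the two vendor locations and deletes nothing. The function names and the sample path in the comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): read-only scan, deletes nothing.

# List every "phpunit" directory sitting directly inside <shop>/vendor or
# <shop>/modules/<module_name>/vendor, one "<owner><TAB><path>" line each.
find_phpunit_dirs() {
    shop=${1%/}
    for vendor in "$shop/vendor" "$shop"/modules/*/vendor; do
        # An unmatched glob stays literal; the -d test skips it.
        # Only the direct child counts, so deeper paths such as
        # vendor/symfony/symfony/src/Symfony/Bridge/PhpUnit are never listed.
        [ -d "$vendor/phpunit" ] || continue
        case $vendor in
            "$shop/vendor") owner=core ;;
            *) owner=${vendor%/vendor}; owner="module:${owner##*/}" ;;
        esac
        printf '%s\t%s\n' "$owner" "$vendor/phpunit"
    done
}

# Print the findings plus a one-line verdict; return 1 when anything was
# found so the check can be used from cron or a monitoring job.
check_shop() {
    hits=$(find_phpunit_dirs "$1")
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        echo "phpunit directory present: shop may be vulnerable"
        return 1
    fi
    echo "no phpunit directory under vendor/ or modules/*/vendor/"
}

# Runs only when a shop path is given, for example (placeholder path):
#   sh check_phpunit.sh /var/www/prestashop
if [ "$#" -eq 1 ]; then
    check_shop "$1"
fi
```

Each output line names the owner ("core" or "module:<module_name>") followed by the path, so you can see which module ships the directory.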

You can find more info about this PrestaShop modules vulnerability in the official PrestaShop post.

Free PrestaShop module to tackle the security vulnerability posted on the forums

Furthermore, a fella from the PrestaShop forums has posted a free module, “RSI PHPUNIT BUG FINDER – PS 1.5/1.7”, that should help you find out more easily whether you have been affected.

Note: We have not tested this module, so we can’t guarantee that it works, but if you have impressions of it, feel free to tell us what you think in the comments below.

Note: As usual, we recommend that you back up your store files and database in case something goes wrong.
