PrestaShop is very secure and vulnerabilities are very rare indeed, but here we are: a new security vulnerability has recently been found in PrestaShop modules.
Apparently it affects a wide range of PrestaShop versions – 1.5 up to 1.7. The problem seems to be in PHPUnit versions, at least for certain server configurations.
How to tell if you have the vulnerability and have been affected?
Connect to your shop via FTP or shell access, and look at the “vendor” directory in the main PrestaShop folder and inside each one of your modules:
<prestashop_directory>/vendor
<prestashop_directory>/modules/<module_name>/vendor
If there’s a directory called “phpunit” inside the aforementioned directories, your shop may be vulnerable.
Warning: don’t touch anything else or you might break your shop. Other files and folders (e.g. /vendor/symfony/symfony/src/Symfony/Bridge/PhpUnit/ or .xml files) are safe; do not delete them.
You can find more info about this PrestaShop modules vulnerability in the official PrestaShop post.
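If you have shell access, the check above can be scripted. The following is an added example, not part of the original post or of PrestaShop itself: it only lists “phpunit” directories found directly inside the shop's and each module's “vendor” directory and changes nothing. The function name find_phpunit_dirs and the script name check_phpunit.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not PrestaShop code): report-only check for "phpunit"
# directories in <prestashop_directory>/vendor and
# <prestashop_directory>/modules/<module_name>/vendor.
# Usage (hypothetical script name): sh check_phpunit.sh /path/to/prestashop

find_phpunit_dirs() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    # Candidate vendor directories: the shop's own, plus one per module.
    for vendor in "$root"/vendor "$root"/modules/*/vendor; do
        # Skip modules without a vendor directory (and an unmatched glob).
        [ -d "$vendor" ] || continue
        # Only a direct child named exactly "phpunit" counts. Deeper paths
        # such as vendor/symfony/symfony/src/Symfony/Bridge/PhpUnit/ are
        # deliberately not reported.
        if [ -d "$vendor/phpunit" ]; then
            printf '%s\n' "$vendor/phpunit"
        fi
    done
    return 0
}

# Run the check only when a shop directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    found=$(find_phpunit_dirs "$1") || exit 2
    if [ -n "$found" ]; then
        echo "phpunit directories found, shop may be vulnerable:"
        printf '%s\n' "$found"
        exit 1
    fi
    echo "no phpunit directory found in vendor or modules/*/vendor"
fi
```

The script exits with status 1 when at least one directory is reported, so it can be run from a scheduled job across several shops.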
Free PrestaShop module to tackle the security vulnerability posted on the forums
Furthermore, a fella from the PrestaShop forums has posted a free module, “RSI PHPUNIT BUG FINDER – PS 1.5/1.7”, that should help you find out more easily whether you have been affected.
Note: We have not tested this module, so we can’t guarantee that it works, but if you have impressions of it, feel free to tell us what you think in the comments below.
Note: As usual, we recommend that you back up your store files and database in case something goes wrong.