Prestashop High Risk Warning: Vulnerability PHPUnit - Xsam Xadoo Bot
Prestashop High Risk Warning: Vulnerability PHPUnit - Xsam Xadoo Bot
It 'news of a few days ago that several Prestashop stores have been hacked using a known vulnerability of some versions of PHPUnit, a PHP component that allows automated testing for developers, present in several modules.
Although the vulnerability mainly concerns modules distributed with Prestashop 1.7 and Prestashop 1.6 can also be compromised if the same modules are present on the server.
Several modules have already been identified as vulnerable:
1-Click Upgrade (autoupgrade): versions 4.0 beta and later
Cart Abandonment Pro (pscartabandonmentpro): versions 2.0.1~2.0.2
Faceted Search (ps_facetedsearch): versions 2.2.1~3.0.0
Merchant Expertise (gamification): versions 2.1.0 and later
PrestaShop Checkout (ps_checkout): versions 1.0.8~1.0.9
The investigation is still ongoing and other modules may be added to the list shortly. The Prestashop team is already working to remove modules deemed vulnerable from their repositories and Addons.
How do I check if my shop is vulnerable ?
It is essential to check your modules, in particular the possible folder "vendor" within them. If there is another folder named "phpunit", this module could make you vulnerable and allow an attacker to access your shop's files and upload malware.
Although the vulnerability mainly concerns modules distributed with Prestashop 1.7 and Prestashop 1.6 can also be compromised if the same modules are present on the server.
Several modules have already been identified as vulnerable:
1-Click Upgrade (autoupgrade): versions 4.0 beta and later
Cart Abandonment Pro (pscartabandonmentpro): versions 2.0.1~2.0.2
Faceted Search (ps_facetedsearch): versions 2.2.1~3.0.0
Merchant Expertise (gamification): versions 2.1.0 and later
PrestaShop Checkout (ps_checkout): versions 1.0.8~1.0.9
The investigation is still ongoing and other modules may be added to the list shortly. The Prestashop team is already working to remove modules deemed vulnerable from their repositories and Addons.
How do I check if my shop is vulnerable ?
It is essential to check your modules, in particular the possible folder "vendor" within them. If there is another folder named "phpunit", this module could make you vulnerable and allow an attacker to access your shop's files and upload malware.
To facilitate this task and allow you to automate the subsequent steps illustrated in this article, our "PS IT PHPUnit Vulnerability Remover" Module is at your disposal, with which you can quickly check the presence of a risk and easily remedy it.
How do I protect myself ?
Although there are only a few vulnerable versions of PHPUnit, you can safely delete the /vendor/phpunit folder from any module without compromising its operation.
Warning : this does not exclude that your shop may already have been compromised.
How do I find out if my shop has been compromised ?
Since this vulnerability is of the RCE (remote code execution) type, an attacker has the possibility to execute arbitrary PHP code on your shop.
This means that files on your server can be modified / added / deleted.
Therefore, check the modification date of the files and pay particular attention to the presence of any "anomalous" files that cannot be traced back to a standard Prestashop installation.
How do I clean up an infected shop ?
Since it is not possible to determine exactly the code executed by an attacker after the infection, the only recommended solution is to restore your installation from a non-infected backup and then secure it with the precautions indicated above.
PS IT Solution is at your complete disposal with the "Security" modules and our "Check" Pack
How do I protect myself ?
Although there are only a few vulnerable versions of PHPUnit, you can safely delete the /vendor/phpunit folder from any module without compromising its operation.
Warning : this does not exclude that your shop may already have been compromised.
How do I find out if my shop has been compromised ?
Since this vulnerability is of the RCE (remote code execution) type, an attacker has the possibility to execute arbitrary PHP code on your shop.
This means that files on your server can be modified / added / deleted.
Therefore, check the modification date of the files and pay particular attention to the presence of any "anomalous" files that cannot be traced back to a standard Prestashop installation.
How do I clean up an infected shop ?
Since it is not possible to determine exactly the code executed by an attacker after the infection, the only recommended solution is to restore your installation from a non-infected backup and then secure it with the precautions indicated above.
PS IT Solution is at your complete disposal with the "Security" modules and our "Check" Pack
The best modules and services for the security of your Prestashop!!