June 23, 2024 at 03:08PM
Hackers are exploiting a flaw in the pkfacebook module for PrestaShop to deploy a card skimmer and steal credit card details from vulnerable e-commerce sites. The flaw, tracked as CVE-2024-36680, is a SQL injection vulnerability. Promokit claims the flaw was fixed, but Friends-Of-Presta warns of active exploitation and recommends specific mitigations. NVD lists versions 1.0.1 and older as vulnerable.
The key takeaways are:
1. The pkfacebook module for PrestaShop has a critical flaw, CVE-2024-36680, which is being actively exploited by hackers to deploy a card skimmer and steal credit card details from vulnerable e-commerce sites.
2. Promokit, the vendor of pkfacebook, claims to have fixed the flaw, but there is no evidence to support this. The latest version available on the vendor’s site is 1.0.0, while the NVD listing declares all versions from 1.0.1 and older to be vulnerable.
3. Friends-of-Presta has published a proof-of-concept exploit for the flaw and recommends specific mitigations, including upgrading to the latest pkfacebook version, using pSQL to avoid Stored XSS vulnerabilities, and activating OWASP 942 rules on the Web Application Firewall.
4. The exploit allows hackers to obtain administrative privileges, access or modify site data, extract database contents, and rewrite SMTP settings to hijack emails, making it a significant security threat to e-commerce sites using PrestaShop and the pkfacebook module.
5. Approximately two years ago, PrestaShop issued an urgent warning and hotfix against similar attacks targeting modules vulnerable to SQL injection.
These takeaways highlight the urgency of addressing the pkfacebook flaw and the importance of taking the recommended measures to protect vulnerable e-commerce sites.
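To illustrate the pSQL mitigation named in the takeaways, here is an added PrestaShop-style PHP example (not code from pkfacebook, Promokit or Friends-of-Presta); the function names, the table name and the request parameters are assumptions, and it needs a PrestaShop runtime because it uses the platform's Db, Tools and pSQL APIs.

```php
<?php
// Added illustration, not the pkfacebook module's code. Function names and the
// table `pk_social_link` are hypothetical. It contrasts a query that splices a
// request value straight into SQL (the class of bug behind CVE-2024-36680) with
// the same query written the way PrestaShop's coding conventions expect:
// string values go through pSQL(), numeric values are cast with (int).

// Vulnerable pattern: the untrusted value is concatenated into the SQL string,
// so a crafted facebook_id changes the query instead of being matched as data.
function lookupCustomerVulnerable(string $fbId): array
{
    $sql = 'SELECT id_customer, email FROM `' . _DB_PREFIX_ . 'pk_social_link` '
         . "WHERE facebook_id = '" . $fbId . "'";
    return Db::getInstance()->executeS($sql) ?: [];
}

// Hardened pattern: pSQL() escapes the string for MySQL and, with its default
// second argument (false), also strips HTML tags, which is why PrestaShop
// advisories pair it with stored-XSS prevention. Integers are cast, not escaped.
function lookupCustomerHardened(string $fbId, int $idShop): array
{
    $sql = 'SELECT id_customer, email FROM `' . _DB_PREFIX_ . 'pk_social_link` '
         . "WHERE facebook_id = '" . pSQL($fbId) . "' "
         . 'AND id_shop = ' . (int) $idShop;
    return Db::getInstance()->executeS($sql) ?: [];
}

// How a module's Ajax controller would wire this up: read the request values
// with Tools::getValue() and pass them to the hardened lookup only.
$fbId   = (string) Tools::getValue('facebook_id', '');
$idShop = (int) Tools::getValue('id_shop', 0);
$rows   = lookupCustomerHardened($fbId, $idShop);
```

Auditing a module for this bug means searching its SQL for request values that reach `Db::getInstance()` without pSQL() or an (int)/(float) cast; the WAF rule set mentioned above is a second layer, not a replacement for fixing those call sites.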