Facebook PrestaShop module exploited to steal credit cards
Briefly

The critical flaw, tracked as CVE-2024-36680, is an SQL injection vulnerability in pkfacebook's facebookConnect.php Ajax script, allowing remote attackers to trigger SQL injection using HTTP requests.
This exploit is actively used to deploy a web skimmer to massively steal credit cards, as warned by Friends-Of-Presta.
Friends-of-Presta recommends upgrading to the latest pkfacebook version, using pSQL to avoid XSS vulnerabilities, and changing the default prefix for added security.
Read at BleepingComputer
[
|
]