Facebook PrestaShop module exploited to steal credit cards
Briefly

from BleepingComputer8 months ago
The critical flaw, tracked as CVE-2024-36680, is an SQL injection vulnerability in pkfacebook's facebookConnect.php Ajax script, allowing remote attackers to trigger SQL injection using HTTP requests.
BleepingComputerhttps://www.bleepingcomputer.com/news/security/facebook-prestashop-module-exploited-to-steal-credit-cards/
This exploit is actively used to deploy a web skimmer to massively steal credit cards, as warned by Friends-Of-Presta.
BleepingComputerhttps://www.bleepingcomputer.com/news/security/facebook-prestashop-module-exploited-to-steal-credit-cards/
Friends-of-Presta recommends upgrading to the latest pkfacebook version, using pSQL to avoid XSS vulnerabilities, and changing the default prefix for added security.
BleepingComputerhttps://www.bleepingcomputer.com/news/security/facebook-prestashop-module-exploited-to-steal-credit-cards/
Read at BleepingComputer
#hackers #exploitation #prestashop #pkfacebook #sql-injection
[
|
]