{"id":15566,"date":"2022-07-22T22:22:57","date_gmt":"2022-07-22T20:22:57","guid":{"rendered":"https:\/\/chisla.ua\/?p=15566"},"modified":"2023-05-28T22:48:01","modified_gmt":"2023-05-28T20:48:01","slug":"vulnerability-prestashop-mysql-smarty-cache-storage","status":"publish","type":"post","link":"https:\/\/chisla.ua\/en\/vulnerability-prestashop-mysql-smarty-cache-storage\/","title":{"rendered":"Vulnerability issue in Prestashop versions 1.6 and 1.7 &#8211; MySQL Smarty cache storage"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"15566\" class=\"elementor elementor-15566\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-dbac71f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"dbac71f\" data-element_type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-42452e6\" data-id=\"42452e6\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c560efa elementor-widget elementor-widget-heading\" data-id=\"c560efa\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Vulnerability issue in Prestashop versions 1.6 and 1.7 - MySQL Smarty cache storage<\/h1>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3d5407c elementor-widget elementor-widget-text-editor\" data-id=\"3d5407c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><strong>A newly found exploit could allow remote attackers to take control of your shop.<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-37e79c0 elementor-widget elementor-widget-text-editor\" data-id=\"37e79c0\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites.\u00a0 To the best of our understanding, this issue seems to concern shops based on versions 1.6.0.10 or greater, subject to SQL injection vulnerabilities. 
Versions 1.7.8.2 and greater are not vulnerable unless they are running a module or custom code which itself includes an SQL injection vulnerability.\u00a0<\/p><p>Note that versions 2.0.0~2.1.0 of the Wishlist (blockwishlist) module are vulnerable.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-adcd9f0 elementor-widget elementor-widget-heading\" data-id=\"adcd9f0\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">How the attack works<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e14077f elementor-widget elementor-widget-text-editor\" data-id=\"e14077f\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The attack requires the shop to be vulnerable to SQL injection exploits. To the best of our knowledge, the latest version of PrestaShop and its modules are free from these vulnerabilities. We believe attackers are targeting shops using outdated software or modules, vulnerable third-party modules, or a yet-to-be-discovered vulnerability.<\/p><p>According to our conversations with shop owners and developers, the recurring modus operandi looks like this:<\/p><ol><li>The attacker submits a POST request to the endpoint vulnerable to SQL injection.<\/li><li>After approximately one second, the attacker submits a GET request to the homepage, with no parameters. This results in a PHP file called <b>blm.php<\/b> being created at the root of the shop\u2019s directory.<\/li><li>The attacker now submits a GET request to the new file that was created, blm.php, allowing them to execute arbitrary instructions.<\/li><\/ol><p>After the attackers successfully gained control of a shop, they injected a fake payment form on the front-office checkout page. 
In this scenario, shop customers might enter their credit card information on the fake form, and unknowingly send it to the attackers.<\/p><p>While this seems to be the common pattern, attackers might be using a different one, by placing a different file name, modifying other parts of the software, planting malicious code elsewhere, or even erasing their tracks once the attack has been successful.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-43ee4e3 elementor-widget elementor-widget-heading\" data-id=\"43ee4e3\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Vulnerability mitigation recommendations<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e242261 elementor-widget elementor-widget-text-editor\" data-id=\"e242261\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>First of all, make sure that your shop and all your modules are updated to their latest version. This should prevent your shop from being exposed to known and actively exploited SQL injection vulnerabilities.<\/p><p>According to our current understanding of the exploit, attackers might be using MySQL Smarty cache storage features as part of the attack vector. This feature is rarely used and is disabled by default, but it can be enabled remotely by the attacker. 
Until a patch has been published, we recommend physically disabling this feature in PrestaShop\u2019s code in order to break the attack chain.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-753ff86 elementor-widget elementor-widget-text-editor\" data-id=\"753ff86\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>To do so, locate the file <strong>config\/smarty.config.inc.php<\/strong> on your PrestaShop install, and remove <em>lines 43-46 (PrestaShop 1.7) or 40-43 (PrestaShop 1.6)<\/em>:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-23bc93b elementor-widget elementor-widget-heading\" data-id=\"23bc93b\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">How to tell if you have been affected<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c374ce1 elementor-widget elementor-widget-text-editor\" data-id=\"c374ce1\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Consider looking at your server\u2019s access log for the attack pattern explained above. 
This is an example shared by a community member:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f337fd4 elementor-widget elementor-widget-text-editor\" data-id=\"f337fd4\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><em>(Note: the vulnerable module\u2019s path has been modified for security reasons)<\/em><\/p><p>Be aware that not finding this pattern in your logs doesn\u2019t necessarily mean that your shop has not been affected by the attack: the complexity of the exploit means that there are several ways of performing it, and attackers might also try to hide their tracks.<\/p><p>Consider contacting a specialist to perform a full audit of your site and make sure that no file has been modified and no malicious code has been added.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-600cd7c elementor-widget elementor-widget-heading\" data-id=\"600cd7c\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Additional information\n<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f8d46d3 elementor-widget elementor-widget-text-editor\" data-id=\"f8d46d3\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>PrestaShop 1.7.8.7\u00a0has been released to strengthen the MySQL Smarty cache storage against code injection attacks. Special thanks to Dominik Shaim who first reached out to the security team and helped investigate the vulnerability.<\/p><p>We would like to take the opportunity to stress once more the importance of keeping your system updated to prevent such attacks. 
This means regularly updating both your PrestaShop software and its modules, as well as your server environment.<\/p><p><em>(Note: the original article has been updated on Monday, July 25, 2022, to add information about the release of PrestaShop 1.7.8.7.)<\/em><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Vulnerability issue in Prestashop versions 1.6 and 1.7 &#8211; MySQL Smarty cache storage A newly found exploit could allow remote attackers to take control of your shop. Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites.\u00a0 To the best of our understanding, this [&hellip;]<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[25,26],"class_list":["post-15566","post","type-post","status-publish","format-standard","hentry","category-notes","tag-prestashop","tag-vulnerability","no-thumb"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Vulnerability issue in Prestashop versions 1.6 and 1.7 - MySQL Smarty cache storage &#8212; \u00ab\u0427\u0438\u0441\u043b\u0430\u00bb<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/chisla.ua\/en\/vulnerability-prestashop-mysql-smarty-cache-storage\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta 
property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerability issue in Prestashop versions 1.6 and 1.7 - MySQL Smarty cache storage &#8212; \u00ab\u0427\u0438\u0441\u043b\u0430\u00bb\" \/>\n<meta property=\"og:description\" content=\"Vulnerability issue in Prestashop versions 1.6 and 1.7 &#8211; MySQL Smarty cache storage A newly found exploit could allow remote attackers to take control of your shop. Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites.\u00a0 To the best of our understanding, this [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/chisla.ua\/en\/vulnerability-prestashop-mysql-smarty-cache-storage\/\" \/>\n<meta property=\"og:site_name\" content=\"\u00ab\u0427\u0438\u0441\u043b\u0430\u00bb\" \/>\n<meta property=\"article:published_time\" content=\"2022-07-22T20:22:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-28T20:48:01+00:00\" \/>\n<meta name=\"author\" content=\"Chisla\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chisla\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/chisla.ua\/vulnerability-prestashop-mysql-smarty-cache-storage\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/chisla.ua\/vulnerability-prestashop-mysql-smarty-cache-storage\/\"},\"author\":{\"name\":\"Chisla\",\"@id\":\"https:\/\/chisla.ua\/#\/schema\/person\/4ae98ee03d8afc24ccc96019e3df8fd2\"},\"headline\":\"Vulnerability issue in Prestashop versions 1.6 and 1.7 &#8211; MySQL Smarty cache storage\",\"datePublished\":\"2022-07-22T20:22:57+00:00\",\"dateModified\":\"2023-05-28T20:48:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/chisla.ua\/vulnerability-prestashop-mysql-smarty-cache-storage\/\"},\"wordCount\":778,\"publisher\":{\"@id\":\"https:\/\/chisla.ua\/#organization\"},\"keywords\":[\"prestashop\",\"vulnerability\"],\"articleSection\":[\"\u041d\u043e\u0442\u0430\u0442\u043a\u0438\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/chisla.ua\/vulnerability-prestashop-mysql-smarty-cache-storage\/\",\"url\":\"https:\/\/chisla.ua\/vulnerability-prestashop-mysql-smarty-cache-storage\/\",\"name\":\"Vulnerability issue in Prestashop versions 1.6 and 1.7 - MySQL Smarty cache storage &#8212; \u00ab\u0427\u0438\u0441\u043b\u0430\u00bb\",\"isPartOf\":{\"@id\":\"https:\/\/chisla.ua\/#website\"},\"datePublished\":\"2022-07-22T20:22:57+00:00\",\"dateModified\":\"2023-05-28T20:48:01+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/chisla.ua\/vulnerability-prestashop-mysql-smarty-cache-storage\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/chisla.ua\/#website\",\"url\":\"https:\/\/chisla.ua\/\",\"name\":\"\u00ab\u0427\u0438\u0441\u043b\u0430\u00bb\",\"description\":\"\u0420\u043e\u0437\u0440\u043e\u0431\u043a\u0430 \u0442\u0430 
\u043f\u0440\u043e\u0441\u0443\u0432\u0430\u043d\u043d\u044f \u0456\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043f\u0440\u043e\u0435\u043a\u0442\u0456\u0432\",\"publisher\":{\"@id\":\"https:\/\/chisla.ua\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/chisla.ua\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/chisla.ua\/#organization\",\"name\":\"\u00ab\u0427\u0438\u0441\u043b\u0430\u00bb\",\"url\":\"https:\/\/chisla.ua\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/chisla.ua\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/chisla.ua\/wp-content\/uploads\/2022\/12\/chisla_black_big_logo.svg\",\"contentUrl\":\"https:\/\/chisla.ua\/wp-content\/uploads\/2022\/12\/chisla_black_big_logo.svg\",\"width\":588,\"height\":111,\"caption\":\"\u00ab\u0427\u0438\u0441\u043b\u0430\u00bb\"},\"image\":{\"@id\":\"https:\/\/chisla.ua\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/chisla.ua\/#\/schema\/person\/4ae98ee03d8afc24ccc96019e3df8fd2\",\"name\":\"Chisla\",\"sameAs\":[\"https:\/\/chisla.ua\"],\"url\":\"https:\/\/chisla.ua\/en\/author\/chisla_adm\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Vulnerability issue in Prestashop versions 1.6 and 1.7 - MySQL Smarty cache storage &#8212; \u00ab\u0427\u0438\u0441\u043b\u0430\u00bb","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/chisla.ua\/en\/vulnerability-prestashop-mysql-smarty-cache-storage\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerability issue in Prestashop versions 1.6 and 1.7 - MySQL Smarty cache storage &#8212; \u00ab\u0427\u0438\u0441\u043b\u0430\u00bb","og_description":"Vulnerability issue in Prestashop versions 1.6 and 1.7 &#8211; MySQL Smarty cache storage A newly found exploit could allow remote attackers to take control of your shop. Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites.\u00a0 To the best of our understanding, this [&hellip;]","og_url":"https:\/\/chisla.ua\/en\/vulnerability-prestashop-mysql-smarty-cache-storage\/","og_site_name":"\u00ab\u0427\u0438\u0441\u043b\u0430\u00bb","article_published_time":"2022-07-22T20:22:57+00:00","article_modified_time":"2023-05-28T20:48:01+00:00","author":"Chisla","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Chisla","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/chisla.ua\/vulnerability-prestashop-mysql-smarty-cache-storage\/#article","isPartOf":{"@id":"https:\/\/chisla.ua\/vulnerability-prestashop-mysql-smarty-cache-storage\/"},"author":{"name":"Chisla","@id":"https:\/\/chisla.ua\/#\/schema\/person\/4ae98ee03d8afc24ccc96019e3df8fd2"},"headline":"Vulnerability issue in Prestashop versions 1.6 and 1.7 &#8211; MySQL Smarty cache storage","datePublished":"2022-07-22T20:22:57+00:00","dateModified":"2023-05-28T20:48:01+00:00","mainEntityOfPage":{"@id":"https:\/\/chisla.ua\/vulnerability-prestashop-mysql-smarty-cache-storage\/"},"wordCount":778,"publisher":{"@id":"https:\/\/chisla.ua\/#organization"},"keywords":["prestashop","vulnerability"],"articleSection":["\u041d\u043e\u0442\u0430\u0442\u043a\u0438"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/chisla.ua\/vulnerability-prestashop-mysql-smarty-cache-storage\/","url":"https:\/\/chisla.ua\/vulnerability-prestashop-mysql-smarty-cache-storage\/","name":"Vulnerability issue in Prestashop versions 1.6 and 1.7 - MySQL Smarty cache storage &#8212; \u00ab\u0427\u0438\u0441\u043b\u0430\u00bb","isPartOf":{"@id":"https:\/\/chisla.ua\/#website"},"datePublished":"2022-07-22T20:22:57+00:00","dateModified":"2023-05-28T20:48:01+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/chisla.ua\/vulnerability-prestashop-mysql-smarty-cache-storage\/"]}]},{"@type":"WebSite","@id":"https:\/\/chisla.ua\/#website","url":"https:\/\/chisla.ua\/","name":"\u00ab\u0427\u0438\u0441\u043b\u0430\u00bb","description":"\u0420\u043e\u0437\u0440\u043e\u0431\u043a\u0430 \u0442\u0430 \u043f\u0440\u043e\u0441\u0443\u0432\u0430\u043d\u043d\u044f 
\u0456\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043f\u0440\u043e\u0435\u043a\u0442\u0456\u0432","publisher":{"@id":"https:\/\/chisla.ua\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/chisla.ua\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/chisla.ua\/#organization","name":"\u00ab\u0427\u0438\u0441\u043b\u0430\u00bb","url":"https:\/\/chisla.ua\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/chisla.ua\/#\/schema\/logo\/image\/","url":"https:\/\/chisla.ua\/wp-content\/uploads\/2022\/12\/chisla_black_big_logo.svg","contentUrl":"https:\/\/chisla.ua\/wp-content\/uploads\/2022\/12\/chisla_black_big_logo.svg","width":588,"height":111,"caption":"\u00ab\u0427\u0438\u0441\u043b\u0430\u00bb"},"image":{"@id":"https:\/\/chisla.ua\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/chisla.ua\/#\/schema\/person\/4ae98ee03d8afc24ccc96019e3df8fd2","name":"Chisla","sameAs":["https:\/\/chisla.ua"],"url":"https:\/\/chisla.ua\/en\/author\/chisla_adm\/"}]}},"_links":{"self":[{"href":"https:\/\/chisla.ua\/en\/wp-json\/wp\/v2\/posts\/15566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chisla.ua\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chisla.ua\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chisla.ua\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chisla.ua\/en\/wp-json\/wp\/v2\/comments?post=15566"}],"version-history":[{"count":22,"href":"https:\/\/chisla.ua\/en\/wp-json\/wp\/v2\/posts\/15566\/revisions"}],"predecessor-version":[{"id":15598,"href":"https:\/\/chisla.ua\/en\/wp-json\/wp\/v2\/posts\/15566\/revisions\/15598"}],"wp:attachment":[{"href":"https:\/\/chisla.ua\/en\/wp-json\/wp\/v2\/media?parent=15566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chi
sla.ua\/en\/wp-json\/wp\/v2\/categories?post=15566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chisla.ua\/en\/wp-json\/wp\/v2\/tags?post=15566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}