PrestaShop has recently found a major security vulnerability in the core PrestaShop software. It affects PrestaShop websites that run old versions or have custom code that is vulnerable to SQL injection. The attack exploits the flaw in PrestaShop code through SQL injection, creates a file (blm.php) in the root folder, and then directs customers to a fake checkout page that sends the customer's payment to the hacker's account. This is a major vulnerability.


We advise all PrestaShop website owners to update their shops to the latest version of PrestaShop to avoid hacking attacks.

The PrestaShop team has issued a security patch in the form of an upgraded version of PrestaShop. It can be applied to the latest versions of PrestaShop. However, any merchant running an older version of PrestaShop is more vulnerable to the attack and must upgrade their website to the latest version of PrestaShop.

However, if your store has already been attacked by hackers, the patch may not help. This is what the PrestaShop email says:

“Please note that this patch solves the vulnerability identified by PrestaShop, but if a store has already been attacked by hackers, the patch won’t restore its security. We recommend contacting a specialist to perform an audit on your shop, determine if it has been attacked, and perform the necessary clean-up if required.”
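
A first-pass check for the file named above, as an added example (not part of the original post or PrestaShop's own tooling): it looks for blm.php directly in the shop root and lists root-level PHP files changed within a look-back window. The shop path and the window in days are assumptions supplied by the operator.

```shell
#!/bin/sh
# Added example: first-pass triage of a PrestaShop document root.
# Usage after sourcing this file: triage_shop_root /path/to/shop 30
# The path and the look-back window are assumptions, not values from the post.

# Print any blm.php sitting directly in the shop root (case-insensitive).
# Returns 0 when the file is present, 1 when it is not.
find_dropped_file() {
    hits=$(find "$1" -maxdepth 1 -type f -iname 'blm.php')
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# List PHP files directly in the root that changed within the last N days.
# A root-level PHP file newer than the last deployment deserves a manual look.
recent_root_php() {
    find "$1" -maxdepth 1 -type f -name '*.php' -mtime "-$2" | sort
}

# Run both checks. Returns 2 if blm.php is present, 1 if only recent
# changes were seen, 0 if neither, 3 if the path is not a directory.
triage_shop_root() {
    root=$1
    days=${2:-30}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 3; }
    result=0
    recent=$(recent_root_php "$root" "$days")
    if [ -n "$recent" ]; then
        echo "PHP files in root modified in the last $days days:"
        printf '%s\n' "$recent" | sed 's/^/  /'
        result=1
    fi
    if dropped=$(find_dropped_file "$root"); then
        echo "FOUND dropped file: $dropped"
        result=2
    fi
    return "$result"
}
```

A clean result only rules out these two signs; it does not replace the audit PrestaShop recommends.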

PrestaShop code maintainers have also advised keeping your PrestaShop installations upgraded to the latest version and regularly updating the modules to fend off hackers. Here is what PrestaShop says about keeping your store updated:

“PrestaShop wants to stress out the importance of keeping systems updated to keep stores safe from attacks. This means regularly updating both the PrestaShop platform and its modules, as well as server environments.”

If your store needs the security patch or an upgrade, you can get in touch with us. We are an experienced PrestaShop development team that has been building and maintaining PrestaShop websites for 10+ years. Click here to avail of our PrestaShop upgrade services.

Our team can help you at multiple levels, first by detecting whether your website has been hacked. If it has not, we can upgrade your website to the latest PrestaShop version to avoid the attack. If it has been attacked, we can sanitize your website and fortify it with security patches to avoid future attacks.

For more information on the bug, please click here.
To learn more about the patch, please click here.