PHPUnit is a testing framework for PHP, used for testing during Prestashop development. It should not be distributed with modules, but in some cases it was (ZIP archives etc.). There is known vulnerability of PHPUnit that allows allows an attacker to execute PHP code on your shop, read your database and upload or modify files - install other malware etc.

We recommend you to check the /modules/ directory of your shop and for each module make sure that you don't have "vendor/phpunit" directory. If you find it, you can simply delete it, the module will work the same way. For 1.7 version, check also /vendor/ folder in root directory/vendor/symfony/symfony/src/Symfony/Bridge/PhpUnit/ is OK - safe). The name of problematic file is eval-stdin.php, in case you find it anywhere, make sure to delete that folder.

Common modules that may include this library are:
- autoupgrade
- ps_facetedsearch
- gamification

Deleting phpunit folders doesn't solve the case when shop was already compromised by malware.

Comments

This website uses cookies to enable it to perform properly. Details of the cookies and instructions on how to disable them can be found in the cookie policy. By using this website, you agree to our use of cookies.