Recently, there have been several attacks caused by a security flaw in few Prestashop modules. Here is the list:

  • /modules/explorerpro/action.php
  • /modules/sampledatainstall/sampledatainstall-ajax.php
  • /modules/colorpictures/ajax/upload.php

I recommend avoiding these modules or check with their author if they can provide security fix.

The following core files are usually modified:

  • controllers / admin / AdminLoginController.php
  • classes / Customer.php
  • classes / Employee.php
  • controllers / front / AuthController.php

The modification cause that password of the user account is sent away via Telegram API.