v1.6-v1.7 INFO - Prestashop Security v 1.6, 1.7

[Sergiy]

Major Security Vulnerability On PrestaShop Websites​

A NEWLY FOUND EXPLOIT COULD ALLOW REMOTE ATTACKERS TO TAKE CONTROL OF YOUR SHOP.​

Written by
PrestaShop team
More...

Manual elimination of the hole

Find the file config/smarty.config.inc.php in your PrestaShop installation and delete lines 43-46 (PrestaShop 1.7) or 40-43 (PrestaShop 1.6)

if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
    include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php';
    $smarty->caching_type = 'mysql';
}

 

[d-shilko]

Major Security Vulnerability On PrestaShop Websites​

A NEWLY FOUND EXPLOIT COULD ALLOW REMOTE ATTACKERS TO TAKE CONTROL OF YOUR SHOP.​

Written by
PrestaShop team
More...

Manual elimination of the hole

Find the file config/smarty.config.inc.php in your PrestaShop installation and delete lines 43-46 (PrestaShop 1.7) or 40-43 (PrestaShop 1.6)

if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
    include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php';
    $smarty->caching_type = 'mysql';
}

Hi. This info should be placed in the Request thread.

Your solution is templory.
Here right solution. In another case, you have to update PS to v1.7.8.7

Merge 1.7.8.7 into 1.7.8.x [merge] by atomiix · Pull Request #29153 · PrestaShop/PrestaShop

Questions Answers Branch? 1.7.8.x Description? Merge release branch 1.7.8.7-release into 1.7.8.x Type? bug fix Category? ME BC breaks? no Deprecations? no Fixed ticket? Related P...

github.com

 

[sbuerman]

Thanks for the solution, I'll try it

 

[ShoppingO]

Your solution is templory but is OK thanks

 

[wakat]

Manual elimination of the hole

or download latest version 1.7.8.7

 

[Biju]

Thank you for your info. Is good to know