External risk intelligence
PrestaShop could allow external attackers to take over back-office administrative accounts.
PrestaShop e-commerce platforms could allow external attackers to manipulate the "Contact Us" form, potentially exposing administrative back-office systems to session hijacking and full account takeover.
Halo Surface Signal
5/5
The vulnerability exists within a public-facing "Contact Us" form on a PrestaShop e-commerce platform. As an e-commerce application, the storefront and its contact forms are designed to be internet-accessible by default to facilitate customer communication.
Exposure facts
H – Horizon Alert
A security vulnerability has been identified within the PrestaShop e-commerce platform, where the "Contact Us" form can be manipulated to store malicious code. When an administrator reviews a message containing this code, it executes within their browser, potentially allowing an attacker to hijack the session and gain full control over the back-office management interface. This issue poses a significant risk to the integrity of administrative access and internal e-commerce management systems.
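The rendering pattern behind this class of flaw, shown as an added example that is not PrestaShop's own code: a minimal PHP model of a back-office "view customer message" page, with the unsafe interpolation beside its hardened form and a defence-in-depth header. Function names, the sample message and the header values are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample of a message submitted through the public "Contact Us"
// form; the tag is the kind of markup that must never reach the admin as HTML.
const SAMPLE_MESSAGE = "Order #1234 never arrived <script>/* injected */</script>";

// UNSAFE pattern: the stored message is interpolated straight into HTML, so
// any markup the customer typed becomes part of the administrator's page.
function renderMessageUnsafe(string $message): string
{
    return "<div class=\"customer-message\">{$message}</div>";
}

// SAFE pattern: encode the message as text before placing it inside HTML.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of silently returning an empty string.
function renderMessageSafe(string $message): string
{
    $escaped = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    // nl2br runs after escaping, so line breaks survive without raw markup.
    return '<div class="customer-message">' . nl2br($escaped) . '</div>';
}

// Defence in depth for the back office (hypothetical values): a CSP without
// 'unsafe-inline' blocks inline script even if an encoding bug slips through.
function backOfficeSecurityHeaders(): array
{
    return [
        'Content-Security-Policy' => "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'",
        'X-Content-Type-Options'  => 'nosniff',
    ];
}

foreach (backOfficeSecurityHeaders() as $name => $value) {
    header("{$name}: {$value}");
}
// The safe renderer emits &lt;script&gt; as visible text, not as a tag.
echo renderMessageSafe(SAMPLE_MESSAGE);
```

Rendering through renderMessageUnsafe with the same sample is the condition the alert describes; the hardened renderer plus the CSP header is the defensive baseline to check for in any custom back-office template, independent of applying the vendor update.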
A – Asset Exposure
This vulnerability affects PrestaShop e-commerce platforms, specifically impacting the administrative back-office Customer Service interface. Because the flaw is triggered through the publicly accessible "Contact Us" form, external attackers can initiate the exploit without needing prior system access. A successful compromise could result in session hijacking and full back-office takeover, granting unauthorized control over administrative functions.
L – Live Threat
We are currently reviewing an identified security weakness within the PrestaShop platform, which could potentially allow an unauthorized party to gain access to administrative functions through a contact form submission. At this time, the available context does not indicate active exploitation or observed targeting of this vulnerability. We will continue to monitor the situation for any new signals regarding the threat landscape.
O – Operational Fix
To secure your e-commerce operations, please instruct your IT team to apply the latest security updates provided by the vendor. These updates are necessary to resolve a security vulnerability within the Customer Service interface that could compromise administrative access. We recommend prioritizing this deployment as part of your standard maintenance schedule to protect your systems.