Vulnerability Scanner
Sentinel's vulnerability scanner analyzes your PrestaShop installation to detect known vulnerabilities in your modules and PrestaShop core.
How it works
- Information Collection: Sentinel collects information about your PrestaShop installation (version, installed modules, etc.)
- Send to Sentinel API: Information is securely sent to the Sentinel API
- Analysis: The API compares your installation against its database of known vulnerabilities
- Report: A detailed report is generated with found vulnerabilities, classified by severity level
Access the Scanner
To access the vulnerability scanner:
- Log in to your PrestaShop back-office
- Go to Modules > Sentinel > Security Scanner
- Click the Run Scan button
Severity Levels
Vulnerabilities are classified into 4 severity levels:
Critical
Critical vulnerabilities that must be fixed immediately. They typically allow:
- Remote Code Execution (RCE)
- SQL injection with full database access
- Complete authentication bypass
Recommended Action: Immediate fix (within 24h)
High
Important vulnerabilities that can compromise your site's security:
- SQL injection with limited access
- Cross-Site Scripting (XSS) allowing admin session theft
- Uncontrolled file upload
Recommended Action: Fix within 7 days
Medium
Vulnerabilities that require attention but don't immediately compromise the site:
- Simple reflected XSS
- Sensitive information disclosure
- Access restriction bypass
Recommended Action: Fix within 30 days
Low
Minor vulnerabilities or those requiring specific conditions:
- Non-sensitive information disclosure
- Minor configuration issues
Recommended Action: Fix during next maintenance
Scan History
The scanner keeps a history of all performed scans. For each scan, you can see:
- Date and time of the scan
- Total number of detected vulnerabilities
- Distribution by severity: number of critical, high, medium and low vulnerabilities
- Scan details: click on a scan to see the full report
Information Collected
Sentinel only collects information necessary for security analysis:
{
  "prestashop_version": "8.1.0",
  "php_version": "8.1.0",
  "modules": [
    {
      "name": "ps_emailsubscription",
      "version": "2.6.1",
      "active": true
    }
  ]
}
No customer or transaction data is collected.
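To check the data-minimization claim against a captured outbound payload, the added example below (not part of the Sentinel module or its documentation) compares a JSON body with the fields shown in the sample above. It assumes that sample lists every field the module sends; the function names and the second sample payload are constructed for illustration.

```python
import json

# Field allowlist taken from the sample payload on this page (assumed complete).
TOP_LEVEL = {"prestashop_version": str, "php_version": str, "modules": list}
MODULE_FIELDS = {"name": str, "version": str, "active": bool}


def _check_object(obj, allowed, where):
    """Report undocumented, missing, or wrongly typed fields of one JSON object."""
    findings = []
    for key in sorted(obj.keys() - allowed.keys()):
        findings.append(f"{where}: undocumented field '{key}'")
    for key, typ in allowed.items():
        if key not in obj:
            findings.append(f"{where}: missing field '{key}'")
        elif type(obj[key]) is not typ:
            findings.append(f"{where}: field '{key}' is not {typ.__name__}")
    return findings


def audit_payload(raw: str) -> list[str]:
    """Return findings; an empty list means the payload matches the documented shape."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(data, dict):
        return ["top level is not a JSON object"]
    findings = _check_object(data, TOP_LEVEL, "payload")
    modules = data.get("modules")
    if isinstance(modules, list):
        for i, mod in enumerate(modules):
            if isinstance(mod, dict):
                findings += _check_object(mod, MODULE_FIELDS, f"modules[{i}]")
            else:
                findings.append(f"modules[{i}]: not an object")
    return findings


# Constructed samples: the first mirrors the page's example,
# the second adds fields that the page says are never sent.
DOCUMENTED = ('{"prestashop_version": "8.1.0", "php_version": "8.1.0", "modules": '
              '[{"name": "ps_emailsubscription", "version": "2.6.1", "active": true}]}')
UNEXPECTED = ('{"prestashop_version": "8.1.0", "php_version": "8.1.0", '
              '"shop_email": "owner@example.test", "modules": '
              '[{"name": "ps_emailsubscription", "version": "2.6.1", "active": true, "config": {}}]}')

if __name__ == "__main__":
    for label, raw in (("documented", DOCUMENTED), ("unexpected", UNEXPECTED)):
        print(label, audit_payload(raw) or "OK")
```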
What to do after a scan?
1. Prioritize Fixes
Start with Critical and High vulnerabilities.
2. Update Vulnerable Modules
For each detected vulnerability:
- Check if a module update is available
- If yes, update the module immediately
- If no, disable the module while waiting for a fix
3. Update PrestaShop
If vulnerabilities concern PrestaShop core, plan a PrestaShop update.
4. Disable Unused Modules
If a vulnerable module is not used, disable and delete it.
5. Re-scan After Fix
After fixing vulnerabilities, run a new scan to confirm everything is resolved.
Recommended Frequency
- Minimum: 1 scan per month
- Recommended: 1 scan per week
- Also: after each module installation or update
Sentinel API
The scanner communicates with the Sentinel API. This API:
- Maintains an up-to-date database of PrestaShop vulnerabilities
- Analyzes your installation securely
- Does not store any personal or commercial information
Authentication
The scanner uses an API key automatically generated during module installation. This key is stored in PrestaShop configuration and used to authenticate requests to the API.
Troubleshooting
Scan Fails
If the scan fails, check:
- Connectivity: Can your server access the Internet?
- PHP Configuration: Is curl enabled?
- Firewall: Is your firewall blocking access to the Sentinel API?
Missing API Key
If you see the error "SENTINEL_API_KEY is not configured":
- Uninstall the Sentinel module
- Reinstall it
- The API key will be automatically generated
Security and Privacy
- Encryption: All communications with the Sentinel API use HTTPS
- Minimal Data: Only information necessary for scanning is transmitted
- No Tracking: Sentinel does not collect any browsing or behavior data
- GDPR Compliant: No personal data is transmitted or stored