IA Informática Valencia

CVE-2018-8824 SQL Injection in Prestashop

CVE Ref: CVE-2018-8824
Release Date: 2018/03/06
Discover Credits: Andrea Iodice
Bulletin Author:  IA - Informática Avanzada
Contact: andrea@ia-informatica.com
Type: SQL Injection in Prestashop
Level: High
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:C/CDP:H/TD:L/CR:H/IR:H/AR:H)
Vulnerable Application: Prestashop (1.5.5.0 - 1.7.2.5)

Overview:
Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro
is a Module present in PrestaShop Addons Marketplace that allow multiple vulnerabilities.

Scope:
File: /modules/bamegamenu/ajax_phpcode.php
Vulnerable Argument(s): $_POST[´code´]  or $_GET[´code´]

Proof of Concept:
GET: http://hostname/modules/bamegamenu/ajax_phpcode.php?code=p(Db::getInstance()->ExecuteS("SHOW TABLES"));

Description:
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute SQLi via the code parameter.

Solutions:
Disable function exec(), passthru(), shell_exec(), system(), delete or edit the vulnerable file.

Contact Us

Powered by

Linux Apache PHP Mysql Metasploit HTML5