IA Informática Valencia

PrestasShop SQL Injection

CVE Ref: CVE-2018-8824
Release Date: 2018/03/06
Discover Credits: Andrea Iodice
Bulletin Author:  IA - Informática Avanzada
Contact: andrea@ia-informatica.com
Type: SQL Injection
Level: High
Vulnerable Application: Prestashop (1.5.5.0 - 1.7.2.5)

Overview:
Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro
is a Module present in PrestaShop Addons Marketplace that allow multiple vulnerabilities.

Scope:
File: /modules/bamegamenu/ajax_phpcode.php
Vulnerable Argument(s): $_POST[´code´]  or $_GET[´code´]

Proof of Concept:
GET: http://site/modules/bamegamenu/ajax_phpcode.php?code=p(Db::getInstance()->ExecuteS("show tables"));

Description:
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection trought PHP code via the code parameter.

Solutions:
Delete or edit the vulnerable file.

Contact Us

Powered by

Linux Apache PHP Mysql Metasploit HTML5