.. / CVE-2018-8823

Exploit for PrestaShop Responsive Mega Menu Module - Remote Code Execution (CVE-2018-8823)

Description:

The ‘Responsive Mega Menu’ module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or remote code execution through function calls in the code parameter.

Nuclei Template

View the template here CVE-2018-8823.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-8823.yaml

References:

https://www.openservis.cz/prestashop-blog/nejcastejsi-utoky-v-roce-2023-seznam-deravych-modulu-nemate-nejaky-z-nich-na-e-shopu-i-vy/
https://github.com/advisories/GHSA-q937-6mg8-6rgc
https://github.com/zapalm/prestashop-security-vulnerability-checker
https://nvd.nist.gov/vuln/detail/CVE-2018-8823
https://vulners.com/openvas/OPENVAS:1361412562310144185

.. / CVE-2018-8823 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for PrestaShop Responsive Mega Menu Module - Remote Code Execution (CVE-2018-8823)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2018-8823