CVE-2018-8823 PoC — PrestaShop Responsive Mega Menu Pro模块安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-8823.yaml

Associated Vulnerability

Title:PrestaShop Responsive Mega Menu Pro模块安全漏洞 (CVE-2018-8823)
Description:PrestaShop是美国PrestaShop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。Responsive Mega Menu（Horizontal+Vertical+Dropdown）Pro module是使用在其中的一个响应式菜单模块。 PrestaShop 1.5.5.0版本至1.7.2.5版本中的Responsive Mega Menu Pro模块1.0.32版本的modules/bamegamenu/ajax_phpcode.php文件存在安全漏

Description

The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or remote code execution through function calls in the code parameter.

File Snapshot


 id: CVE-2018-8823

info:
  name: PrestaShop Responsive Mega Menu Module - Remote Code Execution
  au

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!