Description

modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter.

Remediation

References

CVE-2018-8824

Related Vulnerabilities

WordPress Plugin Seed Social Cross-Site Scripting (2.0.3)

WordPress Improper Input Validation Vulnerability (CVE-2019-20041)

WordPress plugin Custom Contact Forms critical vulnerability

WordPress Plugin FormCraft-Premium WordPress Form Builder Cross-Site Scripting (3.2.31)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6613)

Severity

Critical

Classification

CVE-2018-8824 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities