Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PrestaShop Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2018-8823 - Vulnerability Database
PrestaShop

PrestaShop Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2018-8823

Critical
Reference: CVE-2018-8823
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-8823
Title: PrestaShop Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (HorizontalVerticalDropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter.