Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PrestaShop Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2018-8824 - Vulnerability Database
PrestaShop

PrestaShop Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2018-8824

Critical
Reference: CVE-2018-8824
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-8824
Title: PrestaShop Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (HorizontalVerticalDropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter.