PrestaShop Responsive Mega Menu Module RCE / SQL Injection Vulnerability
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability.
Insight
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop allows remote attackers to perform SQL injection or remote code execution via function calls in the code parameter.
Affected Software
Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5.
Detection Method
Sends a crafted HTTP GET request and checks the response.
Solution
Disable the functions exec(), passthru(), shell_exec() and system(), or delete or edit the vulnerable file.