CVE-2018-8823

modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter.

Published: Mar 28, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-8823
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
responsive_mega_menu_pro_project / responsive_mega_menu_pro	1.0.32	1.0.32.x
prestashop / prestashop	1.5.5.0	1.7.2.5.x

https://ia-informatica.com/it/CVE-2018-8823

Vulnerability Database

CVE-2018-8823