2018-05-10 05:29:00 2018-06-13 14:50:31

modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Prestashop Prestashop 1.5.5.0 (not an official CPE)
Prestashop Prestashop 1.5.6.0 (not an official CPE)
Prestashop Prestashop 1.5.6.1 (not an official CPE)
Prestashop Prestashop 1.5.6.2 (not an official CPE)
Prestashop Prestashop 1.6.0.1 (not an official CPE)
Prestashop Prestashop 1.6.0.2 (not an official CPE)
Prestashop Prestashop 1.6.0.3 (not an official CPE)
Prestashop Prestashop 1.6.0.4 (not an official CPE)
Prestashop Prestashop 1.6.0.5 (not an official CPE)
Prestashop Prestashop 1.6.0.6 (not an official CPE)
Prestashop Prestashop 1.6.0.7 (not an official CPE)
Prestashop Prestashop 1.6.0.8 (not an official CPE)
Prestashop E-Commerce Solution 1.6.0.9
Prestashop Prestashop 1.6.0.10 (not an official CPE)
Prestashop Prestashop 1.6.0.11 (not an official CPE)
Prestashop Prestashop 1.6.0.12 (not an official CPE)
Prestashop Prestashop 1.6.0.13 (not an official CPE)
Prestashop Prestashop 1.6.0.14 (not an official CPE)
Prestashop Prestashop 1.6.1.0 (not an official CPE)
Prestashop Prestashop 1.6.1.1 (not an official CPE)
Prestashop Prestashop 1.6.1.2 (not an official CPE)
Prestashop Prestashop 1.6.1.2 Rc3 (not an official CPE)
Prestashop Prestashop 1.6.1.2 Rc4 (not an official CPE)
Prestashop Prestashop 1.6.1.3 (not an official CPE)
Prestashop Prestashop 1.6.1.4 (not an official CPE)
Prestashop Prestashop 1.6.1.5 (not an official CPE)
Prestashop Prestashop 1.6.1.6 (not an official CPE)
Prestashop Prestashop 1.6.1.7 (not an official CPE)
Prestashop Prestashop 1.6.1.8 (not an official CPE)
Prestashop Prestashop 1.6.1.9 (not an official CPE)
Prestashop Prestashop 1.6.1.10 (not an official CPE)
Prestashop Prestashop 1.6.1.11 Beta1 (not an official CPE)
Prestashop Prestashop 1.6.1.12 (not an official CPE)
Prestashop Prestashop 1.6.1.12 Rc3 (not an official CPE)
Prestashop Prestashop 1.6.1.12 Rc4 (not an official CPE)
Prestashop Prestashop 1.6.1.13 (not an official CPE)
Prestashop Prestashop 1.6.1.14 (not an official CPE)
Prestashop Prestashop 1.6.1.15 (not an official CPE)
Prestashop Prestashop 1.6.1.16 (not an official CPE)
Prestashop Prestashop 1.6.1.17 (not an official CPE)
Prestashop Prestashop 1.6.1.18 (not an official CPE)
Prestashop Prestashop 1.6.1.19 (not an official CPE)
Prestashop Prestashop 1.7.0.0 (not an official CPE)
Prestashop Prestashop 1.7.0.0 Beta1 (not an official CPE)
Prestashop Prestashop 1.7.0.0 Beta2 (not an official CPE)
Prestashop Prestashop 1.7.0.0 Beta3 (not an official CPE)
Prestashop Prestashop 1.7.0.0 Beta4 (not an official CPE)
Prestashop Prestashop 1.7.0.0 Rc (not an official CPE)
Prestashop Prestashop 1.7.0.0 Rc1 (not an official CPE)
Prestashop Prestashop 1.7.0.0 Rc2 (not an official CPE)
Prestashop Prestashop 1.7.0.1 (not an official CPE)
Prestashop Prestashop 1.7.0.2 (not an official CPE)
Prestashop Prestashop 1.7.0.3 (not an official CPE)
Prestashop Prestashop 1.7.0.4 (not an official CPE)
Prestashop Prestashop 1.7.0.5 (not an official CPE)
Prestashop Prestashop 1.7.0.6 (not an official CPE)
Prestashop Prestashop 1.7.1.0 (not an official CPE)
Prestashop Prestashop 1.7.1.1 (not an official CPE)
Prestashop Prestashop 1.7.1.2 (not an official CPE)
Prestashop Prestashop 1.7.2.0 (not an official CPE)
Prestashop Prestashop 1.7.2.0 Rc1 (not an official CPE)
Prestashop Prestashop 1.7.2.1 (not an official CPE)
Prestashop Prestashop 1.7.2.2 (not an official CPE)
Prestashop Prestashop 1.7.2.3 (not an official CPE)
Prestashop Prestashop 1.7.2.4 (not an official CPE)
Prestashop Prestashop 1.7.2.5 (not an official CPE)
Responsive mega menu pro project Responsive mega menu pro 1.0.32 ~~~prestashop~~ (not an official CPE)
Advisory Patch Confirmed Link
https://ia-informatica.com/it/CVE-2018-8824