CVE-2018-8824

modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
responsive_mega_menu_pro_projectresponsive_mega_menu_pro
1.0.32
prestashopprestashop
1.5.5.0 ≤
𝑥
≤ 1.7.2.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://ia-informatica.com/it/CVE-2018-8824
https://ia-informatica.com/it/CVE-2018-8824