CVE-2018-8824
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary SQL commands through the Responsive Mega Menu Pro module in PrestaShop. Attackers can exploit the SQL injection in the code parameter of ajax_phpcode.php to potentially access, modify, or delete database content. All PrestaShop installations using the affected module version are vulnerable.
💻 Affected Systems
- PrestaShop with Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module
📦 What is this software?
Prestashop by Prestashop
Responsive Mega Menu Pro by Responsive Mega Menu Pro Project
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, privilege escalation, or remote code execution via database functions.
Likely Case
Data exfiltration of sensitive information like customer data, admin credentials, or payment information.
If Mitigated
Limited impact with proper input validation and database permissions restricting damage to non-critical data.
🎯 Exploit Status
SQL injection is straightforward to exploit with common tools like sqlmap. The vulnerability requires no authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Module version >1.0.32
Vendor Advisory: https://ia-informatica.com/it/CVE-2018-8824
Restart Required: No
Instructions:
1. Update the Responsive Mega Menu Pro module to the latest version.
2. Alternatively, remove the vulnerable module if it is not needed.
3. Apply PrestaShop security updates if available.
🔧 Temporary Workarounds
Remove vulnerable file
Delete or rename the vulnerable ajax_phpcode.php file to prevent exploitation (run one of the following from the PrestaShop root):
rm modules/bamegamenu/ajax_phpcode.php
mv modules/bamegamenu/ajax_phpcode.php modules/bamegamenu/ajax_phpcode.php.bak
Web server access restriction
Block access to the vulnerable endpoint using web server configuration:
# Apache (2.4+, Require directive):
<Location "/modules/bamegamenu/ajax_phpcode.php">
    Require all denied
</Location>
# Nginx (inside the server block):
location ~ /modules/bamegamenu/ajax_phpcode\.php {
    deny all;
}
🧯 If You Can't Patch
- Implement WAF rules to block SQL injection patterns targeting the vulnerable endpoint
- Restrict database user permissions to minimize potential damage from successful exploitation
🔍 How to Verify
Check if Vulnerable:
Check whether the file exists (from the PrestaShop root): ls -la modules/bamegamenu/ajax_phpcode.php. Then check the module version in the module configuration.
Check Version:
Check PrestaShop admin panel for module version or examine module configuration files.
Verify Fix Applied:
Verify the file no longer exists or has been updated. Test with sqlmap or manual injection attempts to confirm patching.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /modules/bamegamenu/ajax_phpcode.php with SQL keywords in parameters
- Database error logs showing SQL syntax errors from the module
Network Indicators:
- HTTP requests containing SQL injection payloads targeting the code parameter
- Unusual database connections from web server IP
SIEM Query:
web.url:*ajax_phpcode.php AND (web.query:*UNION* OR web.query:*SELECT* OR web.query:*INSERT* OR web.query:*DELETE*)
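The SIEM query above matches SQL keywords only as they appear literally in the logged URL. The following is an added example, not part of the advisory, that applies the same indicator to web-server access-log lines after URL-decoding each query value, so percent-encoded payloads are also flagged. The log lines, the endpoint path and keyword list (taken from the indicators above), and the function names are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and keywords from the advisory's log indicators / SIEM query.
VULN_PATH = "/modules/bamegamenu/ajax_phpcode.php"
SQL_KEYWORDS = ("UNION", "SELECT", "INSERT", "DELETE")

# Combined-log-format request line: "METHOD URL HTTP/x.y" in quotes.
_REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')


def is_suspicious_request(method: str, url: str) -> bool:
    """True when the request targets the vulnerable endpoint and any
    query-string value contains one of the SQL keywords after decoding."""
    parts = urlsplit(url)
    if not parts.path.endswith(VULN_PATH):
        return False
    # parse_qs percent-decodes the values, so %20UNION%20 becomes " UNION ".
    params = parse_qs(parts.query, keep_blank_values=True)
    for values in params.values():
        for value in values:
            upper = value.upper()
            if any(kw in upper for kw in SQL_KEYWORDS):
                return True
    return False


def flag_log_lines(lines):
    """Return (method, url) for every access-log line that matches."""
    hits = []
    for line in lines:
        m = _REQ_RE.search(line)
        if m and is_suspicious_request(m["method"], m["url"]):
            hits.append((m["method"], m["url"]))
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2018:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Mar/2018:12:00:02 +0000] "GET /modules/bamegamenu/ajax_phpcode.php?code=1 HTTP/1.1" 200 12',
    '203.0.113.5 - - [10/Mar/2018:12:00:03 +0000] "GET /modules/bamegamenu/ajax_phpcode.php?code=1%27%20UNION%20SELECT%201 HTTP/1.1" 500 0',
    '203.0.113.5 - - [10/Mar/2018:12:00:04 +0000] "POST /modules/bamegamenu/ajax_phpcode.php HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for method, url in flag_log_lines(SAMPLE_LOG):
        print("suspicious:", method, url)
```

Note that the POST line is not flagged: standard access logs do not record request bodies, so POST-based injection against this endpoint needs a WAF or application-level log to apply the same keyword check.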