CVE-2023-30154 Information
Oct 16, 2023
Description
Multiple improper neutralization of SQL parameters in the module AfterMail (aftermailpresta) for PrestaShop before version 2.2.1 allows remote attackers to perform SQL injection attacks via the `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php`, and via the `id_product` parameter in the hooks DisplayRightColumnProduct and DisplayProductButtons.
Reference
https://security.friendsofpresta.org/modules/2023/10/10/aftermailpresta.html