Vulnerabilities > Shoprunners
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-14 | CVE-2023-30154 | SQL Injection vulnerability in Shoprunners Aftermail Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons. | 9.8 |