Vulnerabilities > Shoprunners

DATE CVE VULNERABILITY TITLE RISK
2023-10-14 CVE-2023-30154 SQL Injection vulnerability in Shoprunners Aftermail
Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons.
network
low complexity
shoprunners CWE-89
critical
9.8