In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via extratabspro::searchcategory(), extratabspro::searchproduct() and `extratabspro::searchmanufacturer().'
9.8CVSS
9.8AI Score
0.001EPSS