Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via id_customer, id_conf, id_product and token parameters in `aftermailajax.php via the 'id_product' parameter in h...
9.8CVSS
9.7AI Score
0.001EPSS