Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via id_customer
, id_conf
, id_product
and token
parameters in `aftermailajax.php via the βid_productβ parameter in hooks DisplayRightColumnProduct and DisplayProductButtons.