In the module βProduct Catalog (CSV, Excel) Export/Updateβ (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method productsUpdateModel::getExportIds()
has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.