In the module βNewsletter Popup PRO with Voucher/Coupon codeβ (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()
has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.