In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via extratabspro::searchcategory()
, extratabspro::searchproduct()
and `extratabspro::searchmanufacturer().’
CPE | Name | Operator | Version |
---|---|---|---|
product_extra_tabs_pro | lt | 2.2.8 |