In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .
Products Affected
| Vendor | Product | Version |
|---|---|---|
| prestatoolkit | make_an_offer/offer_your_price | * |