N/A

In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

N/A

N/A

PrestaShop 安全漏洞

PrestaShop是美国PrestaShop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 PrestaShop newsletterpop 2.6.1 之前版本存在安全漏洞，该漏洞源于NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()方法存在安全问题，可以通过简单的 http 调用来执行 SQL 注入。

N/A

N/A