The Customer Photo Gallery addon prior to 2.9.4 for PrestaShop is vulnerable to SQL injection.
mypresta customer photo gallery