The eo_tags package prior to 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header.
prestashop eo tags