The eo_tags package prior to 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie.
prestashop eo tags