SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or before 2.0.3 (for PrestaShop version 1.7), allows remote malicious users to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ebewe city_autocomplete |