Presto Changeo testsitecreator up to v1.1.1 exists to contain a SQL injection vulnerability via the component disable_json.php.
presto-changeo testsitecreator