Home
Description
Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, validation.php, or callback.php.
References
www.monetico-paiement.fr/...tabi=I0&_pid=ValidateLicencePage
security.friendsofpresta.org/.../06/10/MoneticoPaiement.html