CVE-2024-25849

In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` . > MITRE Terms of Use apply – see LICENSE‑MITRE.txt