In the module “Step by Step products Pack” (ndk_steppingpack) up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected versions.
View the template here CVE-2023-46347.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-46347