Hi, This bug have been posted on our bugtracker with a fake sql injection, we have answered to him.
We have tested all core version since 1.2, and there is no possible injection, maybe he have used a module which is not developped by PrestaShop and which is vulnerable. Best Regards STOJANOVIC Nebojsa CTO @ PrestaShop
