In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup().`
https://security.friendsofpresta.org/modules/2023/10/19/creativepopup.html
https://addons.prestashop.com/fr/pop-up/39348-creative-popup.html