phpShop shop/flypage SQL Injection

The version of phpShop running on the remote host has a SQL injection vulnerability. Input to the 'productid' parameter of 'shop/flypage' is not properly sanitized. A remote attacker could exploit this to issue arbitrary queries that could be used to control the database or mount further attacks...

phpshopProject.txt

Vendor : phpShop Project URL : http://www.phpshop.org Version : phpShop 0.6.1-b && Earlier Versions?? Risk : Multiple Vulnerabilities Description: phpShop is a PHP-based e-commerce application and PHP development framework. phpShop offers the basic features needed to run a successful e-commerce w...