Sql injection
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the scid parameter in a searchlist action, a different vector than CVE-2007-2549...