vendor site:http://www.enthrallweb.com/ product:eShopping Cart bug:injection sql risk:medium injection sql : http://site.com/reviews.asp?ProductID='[sql] http://site.com/subProducts.asp?cat_id='[sql] http://site.com/productdetail.asp?ProductID='[sql] http://site.com/subProducts.asp?cat_id=27&sub_id='[sql] laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@xxxxxxxxx