vendor site:http://www.2020applications.com/ product:20/20 datashed bug:injection sql risk:high injection sql get : /f-email.asp?strPeopleID=1&itemID='[sql] /listings.asp?peopleID='[sql] /listings.asp?sort_order='[sql] laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@xxxxxxxxx