vendor site: http://fishcart.org/
product: fish cart
bug: SQL injection
risk: medium

SQL injection:
/display.php?cartid=200701210157208&zid=1&lid=1&olimit=5&cat=&key1=&nlst=y&olst='[sql]
(replace the cartid value with your own)

laurent gaffie
http://s-a-p.ca/
contact: saps.audit@xxxxxxxxx
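
A log check for the request shown above, added here as an example and not part of the original advisory or of FishCart's code. It assumes Apache-style access logs and that `olst` is normally a numeric list offset (the advisory does not say); the function name and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jan/2007:01:57:20 +0000] "GET /display.php?cartid=200701210157208'
    '&zid=1&lid=1&olimit=5&cat=&key1=&nlst=y&olst=10 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [21/Jan/2007:02:03:11 +0000] "GET /display.php?cartid=200701210157208'
    '&zid=1&lid=1&olimit=5&cat=&key1=&nlst=y&olst=%27 HTTP/1.1" 200 312',
    '192.0.2.44 - - [21/Jan/2007:02:03:15 +0000] "GET /index.php?olst=%27 HTTP/1.1" 404 210',
    '192.0.2.51 - - [21/Jan/2007:02:10:02 +0000] "GET /shop/display.php?cartid=1'
    '&olst=5%2527 HTTP/1.1" 200 298',
]

# Client address and request target from one access-log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate olst value is empty or a plain decimal number.
NUMERIC_RE = re.compile(r'[0-9]+')


def suspicious_olst_requests(lines, param="olst"):
    """Return (client, decoded_value) for display.php requests whose
    `param` value is neither empty nor purely numeric."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parsable request line
        client, target = match.groups()
        url = urlsplit(target)
        # Match the script wherever the cart is installed under the web root.
        if not url.path.endswith("/display.php"):
            continue
        # parse_qs URL-decodes once, so %27 becomes a quote; a doubly
        # encoded value (%2527) still fails the numeric check below.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        for value in values:
            if value and not NUMERIC_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_olst_requests(SAMPLE_LOG):
        print(f"{client} sent non-numeric olst value: {value!r}")
```

The same allow-list test (digits only) is the input validation the script itself would need before `olst` reaches a query, alongside parameterized statements.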