CVE-2006-5772 - Impropriate Blackman
Description
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter.
Reference
http://secunia.com/advisories/22664 http://www.freewebshop.org/index.php?id=27 http://www.vupen.com/english/advisories/2006/4332 https://exchange.xforce.ibmcloud.com/vulnerabilities/29990 https://www.exploit-db.com/exploits/2704