2018-05-22 17:00:00
mitre
PUBLISHED
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.