SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote malicious users to execute arbitrary SQL commands via the OrderBy parameter.
quadcomm q-shop 3.5