SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
phpauction phpauction 3.2