SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote malicious users to execute arbitrary SQL commands via the cat parameter.
ashopsoftware ashop deluxe 4