SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower allows remote malicious users to execute arbitrary SQL commands via the id parameter.
sunbyte e-flower _nil