SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote malicious users to execute arbitrary SQL commands via the grid parameter.
shop-inet shop-inet 4.0