SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
galaxyscriptz myphpauction 2010