SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote malicious users to execute arbitrary SQL commands via the type parameter.
iscripts eswap 2.0