SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote malicious users to execute arbitrary SQL commands via the str parameter.
bst bestshoppro