Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
readymadeb2bscript basic b2b script -