Jannock

**Name of the Vulnerable Software and Affected Versions** ECShop version 2.7.2 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `encode` parameter in the "search.php" endpoint. **Recommendations** For ECShop version 2.7.2, update the software to a version that fixes this issue or restrict access to the "search.php" endpoint to minimize the risk of exploitation. As a temporary workaround, consider validating and sanitizing the `encode` parameter to prevent malicious input.