Comsenz · Comsenz Epshop · CVE-2008-3412
**Name of the Vulnerable Software and Affected Versions**
Comsenz EPShop (aka ECShop) versions prior to 3.0
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `pid` parameter in a pro show or disppro action to the default URI.
**Recommendations**
For versions prior to 3.0, update to version 3.0 or later to resolve the issue.